Sign-up

ID

VAR-201501-0274


CVE

CVE-2014-8837


TITLE

Apple OS X of Bluetooth Vulnerability to execute arbitrary code in driver

Trust: 0.8

sources: JVNDB: JVNDB-2015-001314

DESCRIPTION

Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2

Trust: 1.98

sources: NVD: CVE-2014-8837 // JVNDB: JVNDB-2015-001314 // BID: 72328 // VULHUB: VHN-76782

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.10.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001314 // CNNVD: CNNVD-201501-738 // NVD: CVE-2014-8837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8837
value: HIGH

Trust: 1.0

NVD: CVE-2014-8837
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201501-738
value: CRITICAL

Trust: 0.6

VULHUB: VHN-76782
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8837
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-8837
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-76782
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76782 // JVNDB: JVNDB-2015-001314 // CNNVD: CNNVD-201501-738 // NVD: CVE-2014-8837

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-8837

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-738

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201501-738

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001314

PATCH
title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Trust: 0.8
title:HT204244url:http://support.apple.com/en-us/HT204244
Trust: 0.8
title:HT204244url:http://support.apple.com/ja-jp/HT204244
Trust: 0.8
title:osxupd10.10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587
Trust: 0.6
title:iPhone7,1_8.1.3_12B466_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001314 // 
            
            
            
            CNNVD: CNNVD-201501-738

EXTERNAL IDS
db:NVDid:CVE-2014-8837
Trust: 2.8
db:SECTRACKid:1031650
Trust: 1.1
db:BIDid:72328
Trust: 0.9
db:JVNid:JVNVU96447236
Trust: 0.8
db:JVNDBid:JVNDB-2015-001314
Trust: 0.8
db:CNNVDid:CNNVD-201501-738
Trust: 0.7
db:VULHUBid:VHN-76782
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76782 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001314 // 
            
            
            
            CNNVD: CNNVD-201501-738 // 
            
            
            
            NVD: CVE-2014-8837

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html
Trust: 1.1
url:http://support.apple.com/ht204244
Trust: 1.1
url:http://www.securitytracker.com/id/1031650
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100491
Trust: 1.1
url:http://www.apple.com/macosx/
Trust: 0.9
url:https://support.apple.com/en-us/ht204659
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8837
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96447236/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8837
Trust: 0.8
url:https://www.securityfocus.com/bid/72328
Trust: 0.6
sources:
            
            
            VULHUB: VHN-76782 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001314 // 
            
            
            
            CNNVD: CNNVD-201501-738 // 
            
            
            
            NVD: CVE-2014-8837

CREDITS
Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201501-738

SOURCES
db:VULHUBid:VHN-76782
db:BIDid:72328
db:JVNDBid:JVNDB-2015-001314
db:CNNVDid:CNNVD-201501-738
db:NVDid:CVE-2014-8837

LAST UPDATE DATE
2025-04-13T21:55:47.439000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76782date:2017-09-08T00:00:00
db:BIDid:72328date:2019-04-12T18:00:00
db:JVNDBid:JVNDB-2015-001314date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-738date:2019-04-15T00:00:00
db:NVDid:CVE-2014-8837date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-76782date:2015-01-30T00:00:00
db:BIDid:72328date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001314date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-738date:2015-01-27T00:00:00
db:NVDid:CVE-2014-8837date:2015-01-30T11:59:46.687