CVE-2014-1314

Published: Apr 23, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.

Affected (10)

Products: Apple: Mac Os X

Apple

1 product

Mac Os X

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.9.2
Apple Mac Os X	Version 10.9.1
Apple Mac Os X	Version 10.9

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.8.0
Apple Mac Os X	Version 10.8.1
Apple Mac Os X	Version 10.8.2
Apple Mac Os X	Version 10.8.3
Apple Mac Os X	Version 10.8.4
Apple Mac Os X	Version 10.8.5
Apple Mac Os X	Version 10.8.5 supplemental_update

Related CWEs

CWE-264

References (2)

http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.