CVE-2014-8835

NONECVSS 0.0

0.0

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.

🔗 References (16)

product-security@applehttp://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
product-security@applehttp://packetstormsecurity.com/files/135701/OS-X-Sysmond-XPC-Type-Confusion-Privilege-Escalation.html
product-security@applehttp://support.apple.com/HT204244
product-security@applehttp://www.exploit-db.com/exploits/35742/
product-security@applehttp://www.securityfocus.com/bid/71992
product-security@applehttp://www.securitytracker.com/id/1031650
product-security@applehttps://code.google.com/p/google-security-research/issues/detail?id=121
product-security@applehttps://exchange.xforce.ibmcloud.com/vulnerabilities/100530
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/135701/OS-X-Sysmond-XPC-Type-Confusion-Privilege-Escalation.html
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/HT204244
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/35742/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71992
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031650
af854a3a-2127-422b-91ae-364da2661108https://code.google.com/p/google-security-research/issues/detail?id=121

Is Your Infrastructure Affected by CVE-2014-8835?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-8835

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-8835?