Vulnerability Description
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.9.2 |
| Apple | Iphone Os | <= 7.1 |
| Apple | Tvos | <= 6.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
FAQ
What is CVE-2014-1320?
CVE-2014-1320 is a vulnerability with a CVSS score of 4.9 (MEDIUM). IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR pro...
How severe is CVE-2014-1320?
CVE-2014-1320 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1320?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Iphone Os, Apple Tvos.