Vulnerability Description
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.9.3 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
- http://secunia.com/advisories/59475
- http://support.apple.com/kb/HT6296
- http://www.securitytracker.com/id/1030505
- https://code.google.com/p/google-security-research/issues/detail?id=18Exploit
- http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
- http://secunia.com/advisories/59475
- http://support.apple.com/kb/HT6296
- http://www.securitytracker.com/id/1030505
- https://code.google.com/p/google-security-research/issues/detail?id=18Exploit
FAQ
What is CVE-2014-1372?
CVE-2014-1372 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from ke...
How severe is CVE-2014-1372?
CVE-2014-1372 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1372?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.