exploitDog

CVE-2014-1255

Опубликовано: 27 фев. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Ссылки

http://support.apple.com/kb/HT6150
Vendor Advisory
http://support.apple.com/kb/HT6150
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.9.1 (включая)

cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-6wq8-mcx2-r8xx

github

больше 3 лет назад

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS2

Дефекты

CWE-20