CVE-2014-1320Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information ExposureCWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 80.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple MAC OS XApple Tvos
Timeline
PublishedApr 23
Latest updateMay 14

Description

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

NVDapple/tvos6.1+3
NVDapple/mac_os_x10.9.2+2
NVDapple/iphone_os7.1+7

🔴Vulnerability Details

1
GHSA
GHSA-9f8m-hc68-p44f: IOKit in Apple iOS before 72022-05-14

📋Vendor Advisories

1
Red Hat
qemu: cirrus: insufficient blit region checks2014-12-04