Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1322Sensitive Information Exposure in Apple MAC OS X

CWE-200Sensitive Information Exposure4 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 52.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple MAC OS X
Timeline
PublishedApr 23
Latest updateMay 17

Description

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

NVDapple/mac_os_x10.9.2+2

🔴Vulnerability Details

1
GHSA
GHSA-jf79-rf9v-4686: The kernel in Apple OS X through 102022-05-17

💥Exploits & PoCs

2
Exploit-DB
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)2015-12-02
Exploit-DB
Apple Mac OSX - Local Security Bypass2014-04-22