CVE-2014-4440 — Sensitive Information Exposure in Apple MAC OS X

CWE-16 CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

2.6LOWNVD

EPSS

0.8%

top 25.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedOct 18

Latest updateMay 17

Description

The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/mac_os_x10.9.5

🔴Vulnerability Details

GHSA

GHSA-g3fh-7ffm-hhhj: The MCX Desktop Config Profiles implementation in Apple OS X before 10↗2022-05-17

▶