CVE-2014-8826
Published: 2015-01-30
Priority: P3 · 38
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 8.72% (94.5th percentile)
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.10.1 | — |
| apple | os_x_yosemite_v10.10.2_and_security_update_2015-001 | — | — |
GHSA
GHSA-q3xj-vhg2-m3v9: LaunchServices in Apple OS X before 10
ghsa_unreviewed·2022-05-13
CVE-2014-8826 [MEDIUM] GHSA-q3xj-vhg2-m3v9: LaunchServices in Apple OS X before 10
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
Apple
CVE-2014-8826: OS X Yosemite v10.10.2 and Security Update 2015-001
vendor_apple·CVSS 5.0
CVE-2014-8826 [MEDIUM] CVE-2014-8826: OS X Yosemite v10.10.2 and Security Update 2015-001
Apple Security Update: About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
Product: OS X Yosemite v10.10.2 and Security Update 2015-001
CVE: CVE-2014-8826
Component: CVE-ID
Impact: A malicious, sandboxed app can compromise the networkd daemon
Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. By sending networkd a maliciously formatted message, it may have been possible to execute arbitrary code as the networkd process. The issue is addressed through additional type checking.
References
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://packetstormsecurity.com/files/130147/OS-X-Gatekeeper-Bypass.html
http://seclists.org/fulldisclosure/2015/Jan/109
http://support.apple.com/HT204244
http://www.exploit-db.com/exploits/35934
http://www.osvdb.org/117659
http://www.securityfocus.com/archive/1/534567/100/0/threaded
http://www.securityfocus.com/bid/72341
http://www.securitytracker.com/id/1031650
https://exchange.xforce.ibmcloud.com/vulnerabilities/100519
https://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html