HIGH🇬🇧 English

CVE-2014-8817

CVSS 10.0v2.0pub. 2015-01-30upd. 2026-05-06

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Apple Mac Os X

    OS
    Apple
    ≤ 10.10.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2021-1870CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2021-1871CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2015-5119CRITICAL9.8⚠ KEVten sam produkt

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash ...