VAR-201501-0263
Vulnerability from variot - Updated: 2023-12-18 11:09LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. LaunchServices is one of the components that uses a running application to open other applications or documents
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
}
],
"sources": [
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vitaliy Toropov working with HP\u0027s Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale,Hernan Ochoa from Amplia Security, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
],
"trust": 0.6
},
"cve": "CVE-2014-8826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8826",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-76771",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8826",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-681",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76771",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. \nThe update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. \nAttackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. \nThese issues affect OS X prior to 10.10.2. LaunchServices is one of the components that uses a running application to open other applications or documents",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
},
{
"db": "VULHUB",
"id": "VHN-76771"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76771",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8826",
"trust": 3.1
},
{
"db": "BID",
"id": "72341",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "35934",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "117659",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1031650",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "130147",
"trust": 1.7
},
{
"db": "BID",
"id": "72328",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU96447236",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-89438",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76771",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
},
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"id": "VAR-201501-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:09:50.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-01-27-4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"title": "HT204244",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht204244"
},
{
"title": "HT204244",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204244"
},
{
"title": "osxupd10.10.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53587"
},
{
"title": "iPhone7,1_8.1.3_12B466_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53586"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72341"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/534567/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://support.apple.com/ht204244"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/35934"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/jan/109"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/130147/os-x-gatekeeper-bypass.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/117659"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1031650"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100519"
},
{
"trust": 1.2,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.9,
"url": "https://support.apple.com/en-us/ht204659"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8826"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96447236/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8826"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/72328"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76771"
},
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76771"
},
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-76771"
},
{
"date": "2015-01-27T00:00:00",
"db": "BID",
"id": "72341"
},
{
"date": "2015-01-27T00:00:00",
"db": "BID",
"id": "72328"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"date": "2015-01-30T11:59:36.313000",
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"date": "2015-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76771"
},
{
"date": "2015-01-27T00:00:00",
"db": "BID",
"id": "72341"
},
{
"date": "2019-04-12T18:00:00",
"db": "BID",
"id": "72328"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001302"
},
{
"date": "2020-07-17T18:15:12.470000",
"db": "NVD",
"id": "CVE-2014-8826"
},
{
"date": "2020-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "72341"
},
{
"db": "BID",
"id": "72328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of LaunchServices In Gatekeeper Vulnerabilities that circumvent protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001302"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-681"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…