Data Processing Errors

CVE-2014-8835

High

9.3/10

Summary

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-19 - Data Processing Errors

Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

References

Advisory Timeline

Published Jan 30, 2015

Data Processing Errors

CVE-2014-8835

Summary

CWE-19 - Data Processing Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS