CVE ID | CVE-2014-1314 |
CVSS SCORE | 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Apple |
AFFECTED PRODUCTS |
OS X |
VULNERABILITY DETAILS |
The specific flaw exists within WindowServer. The issue lies in the failure to prevent sandboxed applications from creating new sessions. An attacker can leverage this to execute code outside the context of the sandbox. |
ADDITIONAL DETAILS |
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/en-us/HT202966 |
DISCLOSURE TIMELINE |
|
CREDIT | Liang Chen of KeenTeam |