Skip to main content
CVE-2014-8835 CRITICAL POC THREAT Emergency

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.4%.

Apple RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
35.4%
Threat
4.4
CVE-2014-8836 CRITICAL POC Act Now

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-8817 CRITICAL POC Act Now

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-4487 CRITICAL Act Now

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Iphone Os Mac Os X +1
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-4480 CRITICAL Act Now

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Iphone Os Tvos
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2014-4488 CRITICAL Act Now

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Iphone Os Mac Os X Tvos
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2014-4497 CRITICAL Act Now

Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2014-4489 CRITICAL Act Now

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Iphone Os Mac Os X +1
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-4486 CRITICAL Act Now

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Iphone Os Mac Os X +1
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-8824 CRITICAL Act Now

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-8822 CRITICAL Act Now

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-4495 CRITICAL Act Now

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os Mac Os X Tvos
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2014-8837 CRITICAL Act Now

Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2014-9161 CRITICAL Act Now

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Adobe Buffer Overflow Microsoft Acrobat Reader +1
NVD
CVSS 2.0
9.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy