Apple Mac OS X CVE-2014-4416 Arbitrary Code Execution Vulnerability

Bugtraq ID:	69898
Class:	Boundary Condition Error
CVE:	CVE-2014-4416
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	Ian Beer of Google Project Zero
Vulnerable:	Apple Mac OS X 10.9.1 Apple Mac OS X 10.8.5 Apple Mac OS X 10.9.4 Apple Mac OS X 10.9.3 Apple Mac OS X 10.9.2 Apple Mac OS X 10.9
Not Vulnerable:	Apple Mac OS X 10.9.5

Apple Mac OS X CVE-2014-4416 Arbitrary Code Execution Vulnerability

Apple Mac OS X is prone to an arbitrary code-execution vulnerability because it fails to properly bounds check user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the system privileges. Failed exploit attempts may result in a denial-of-service condition.

Apple Mac OS X CVE-2014-4416 Arbitrary Code Execution Vulnerability

References:

• Apple Mac OS X Homepage (Apple)
  
• APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update (Apple)