Remote Code Execution Vulnerability in Apple OS X Archive Utility
CVE-2014-1370

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Mac Os X Server
Vendor: CVE Published:; 1 July 2014

Summary

A vulnerability exists in the byte-swapping implementation of the copyfile function in Apple OS X, which can be exploited by remote attackers through a specially crafted AppleDouble file compressed in a ZIP archive. This leads to arbitrary code execution or a denial of service, resulting in out-of-bounds memory access and application crashes. Patch updates are recommended to mitigate risks associated with this vulnerability.

References

http://support.apple.com/kb/HT6296

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030505

vdb-entryx_refsource_SECTRACK

http://archives.neohapsis.com/archives/bugtraq/2014-06/01...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
Jan 8, 2014