Array Index Error in Apple OS X Dock Allows Arbitrary Code Execution
CVE-2014-1371

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Mac Os X Server
Vendor: CVE Published:; 1 July 2014

Summary

An array index error in the Dock component of Apple OS X versions prior to 10.9.4 can be exploited by attackers to execute arbitrary code or create a denial of service condition. This occurs when accessing a sandboxed application to send messages, leading to incorrect function-pointer dereferencing and potential application crashes. Users are encouraged to update their systems to mitigate this vulnerability.

References

http://support.apple.com/kb/HT6296

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030505

vdb-entryx_refsource_SECTRACK

http://archives.neohapsis.com/archives/bugtraq/2014-06/01...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
Jan 8, 2014