Published: 23/04/2014 Updated: 24/04/2014
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

Vulnerability Summary

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: LOCAL
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Affected Products

Vendor Product Versions
AppleMac Os X10.9, 10.9.1, 10.9.2


Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only privileged users to access administration or management systems.


To exploit the vulnerability the attacker may need
access to the local system. This access requirement could limit the
likelihood of a successful exploit.

Apple report indicates that this vulnerability has been mitigated by removing the pointer from the object within the updated versions.

EDB Exploits