CVE-2014-1255

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.9.1
applemac_os_x
10.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6150