The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2015-01-30T11:00:00
Updated: 2024-08-06T13:26:02.615Z
Reserved: 2014-11-14T00:00:00
Link: CVE-2014-8835
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-30T11:59:44.673
Modified: 2024-11-21T02:19:49.820
Link: CVE-2014-8835
Redhat
No data.