CVE-2014-1372 | Vulnerability Database | Aqua Security

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	*	10.9.3 (including)
Mac_os_x	Apple	10.8.0 (including)	10.8.0 (including)
Mac_os_x	Apple	10.8.1 (including)	10.8.1 (including)
Mac_os_x	Apple	10.8.2 (including)	10.8.2 (including)
Mac_os_x	Apple	10.8.3 (including)	10.8.3 (including)
Mac_os_x	Apple	10.8.4 (including)	10.8.4 (including)
Mac_os_x	Apple	10.8.5 (including)	10.8.5 (including)
Mac_os_x	Apple	10.8.5-supplemental_update (including)	10.8.5-supplemental_update (including)
Mac_os_x	Apple	10.9 (including)	10.9 (including)
Mac_os_x	Apple	10.9.1 (including)	10.9.1 (including)
Mac_os_x	Apple	10.9.2 (including)	10.9.2 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
http://secunia.com/advisories/59475
http://support.apple.com/kb/HT6296
http://www.securitytracker.com/id/1030505
https://code.google.com/p/google-security-research/issues/detail?id=18

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1372
CWE	https://cwe.mitre.org/data/definitions/264.html