VIR Vulnerability Intelligence Relay

CVE-2014-4499

low
Published 2015-01-30 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://support.apple.com/HT204244

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

OS impact
OSVersionStatusFixed in
macos macosaffected

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.