CVE-2014-8834
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — http://support.apple.com/HT204244
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | 10.10.0 | affected | |
| macos | 10.10.1 | affected | |
References
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://support.apple.com/HT204244
- http://www.securitytracker.com/id/1031650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100531
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://support.apple.com/HT204244
- http://www.securitytracker.com/id/1031650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100531
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.