Arbitrary code execution vulnerability in Apple Mac OS X - APPLE-SA-2014-09-29-1ID: oval:org.secpod.oval:def:21353 | Date: (C)2014-10-13 (M)2023-12-07 |
Class: PATCH | Family: macos |
The host is missing a security update according to Apple advisory, APPLE-SA-2014-09-29-1. The update is required to fix arbitrary code execution vulnerability. The flaw is present in the Bash's parsing of environment variables, which fails to handle certain vectors related to memory and crafted data. Successful exploitation allows attackers to execute remote code and have other impact.
Platform: |
Apple Mac OS X 10.8 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X Server 10.8 |
Apple Mac OS X Server 10.9 |
Apple Mac OS X Server 10.10 |