NVD

Id
35754  
Name
CVE-2014-8838  
Description
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-01-30  
Modified Date
2015-11-23  
Seq
2014-8838  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
183120 35754 CVE-2014-8838 APPLE-SA-2015-01-27-4  View
183121 35754 CVE-2014-8838 http://support.apple.com/HT204244  View
183122 35754 CVE-2014-8838 1031650  View
183123 35754 CVE-2014-8838 macosx-cve20148838-sec-bypass(100525)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5995 JVNDB-2015-001315 Apple OS X の Security コンポーネントにおける Gatekeeper 保護メカニズムを回避される脆弱性 Apple OS X の Security コンポーネントは、アプリケーションの証明書のキャッシュされた情報を適切に処理しないため、Gatekeeper 保護メカニズムを回避される脆弱性が存在します。 CVE-2014-8838 76131 CVE-2014-8838 35754 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001315.html 2015-01-27 2015-02-12 View