CVE-2014-8817

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.10.2

Description The issue allows attackers to execute arbitrary code in a privileged context via a crafted app. This is due to the lack of verification of expected data types in XPC messages. Specifically, the xpc dictionary get value API return values are not properly verified during handling of certain commands, including match mmap archives, delete mmap archives, write mmap archive, and read mmap archive.

Recommendations For Apple OS X versions prior to 10.10.2, update to version 10.10.2 or later to resolve the issue.