Arbitrary Code Execution and Denial of Service Vulnerability in Thunderbolt for Apple OS X

Arbitrary Code Execution and Denial of Service Vulnerability in Thunderbolt for Apple OS X

CVE-2014-1381 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.

Learn more about our Api Penetration Testing.