Apple CoreGraphics library fails to validate input when parsing the colorspace specification of an inline image embedded in a PDF content stream. This issue is an information leak vulnerability that improves the exploitability scenario of any application linked with this library. This enables the bypass of exploit mitigations such as ASLR/DEP/CodeSigning. In particular this article explores the exploitability of MobileSafari on IOS 7.1.x. This bug makes it possible to leak information about the memory layout to the MobileSafari Javascript environment using a crafted PDF file as an image improving the ability to exploit other issues.
more here...........http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html
more here...........http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html