ID

VAR-201503-0090


CVE

CVE-2015-1066


TITLE

Arbitrary code execution vulnerability in IOAcceleratorFamily in Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2015-001780

DESCRIPTION

Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. Failed exploit attempts may result in a denial-of-service condition.

APPLE-SA-2015-03-09-3 Security Update 2015-002

Security Update 2015-002 is now available and addresses the following:

iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure

IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An off by one issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1066 : Ian Beer of Google Project Zero

IOSurface
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team

Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Security Update 2015-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-1066 // JVNDB: JVNDB-2015-001780 // BID: 73001 // VULHUB: VHN-79026 // PACKETSTORM: 130743

AFFECTED PRODUCTS

vendor: apple | model: mac os x | scope: eq | version: 10.10.2

Trust: 1.4

vendor: apple | model: mac os x | scope: lte | version: 10.10.2

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.8.5

Trust: 0.8

vendor: apple | model: mac os x | scope: eq | version: 10.9.5

Trust: 0.8

vendor: apple | model: mac os | scope: eq | version: x10.9.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.8.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.10.2

Trust: 0.3

sources: BID: 73001 // JVNDB: JVNDB-2015-001780 // CNNVD: CNNVD-201503-293 // NVD: CVE-2015-1066

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-1066
value: HIGH

Trust: 1.0

NVD: CVE-2015-1066
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201503-293
value: CRITICAL

Trust: 0.6

VULHUB: VHN-79026
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-1066
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79026
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

(none listed)

sources: VULHUB: VHN-79026 // JVNDB: JVNDB-2015-001780 // CNNVD: CNNVD-201503-293 // NVD: CVE-2015-1066

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-79026 // JVNDB: JVNDB-2015-001780 // NVD: CVE-2015-1066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-293

TYPE

numeric error

Trust: 0.6

sources: CNNVD: CNNVD-201503-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001780

PATCH

title: APPLE-SA-2015-03-09-3 Security Update 2015-002 | url: http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html

Trust: 0.8

title: HT204413 | url: http://support.apple.com/en-us/HT204413

Trust: 0.8

title: HT204413 | url: http://support.apple.com/ja-jp/HT204413

Trust: 0.8

Trust: 0.8

sources: JVNDB: JVNDB-2015-001780

EXTERNAL IDS

db: NVD | id: CVE-2015-1066

Trust: 2.9

db: SECTRACK | id: 1031869

Trust: 1.1

db: JVN | id: JVNVU90171154

Trust: 0.8

db: JVNDB | id: JVNDB-2015-001780

Trust: 0.8

db: CNNVD | id: CNNVD-201503-293

Trust: 0.6

db: BID | id: 73001

Trust: 0.4

db: VULHUB | id: VHN-79026

Trust: 0.1

db: PACKETSTORM | id: 130743

Trust: 0.1

sources: VULHUB: VHN-79026 // BID: 73001 // JVNDB: JVNDB-2015-001780 // PACKETSTORM: 130743 // CNNVD: CNNVD-201503-293 // NVD: CVE-2015-1066

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/mar/msg00002.html

Trust: 1.7

url:https://support.apple.com/ht204413

Trust: 1.7

url:http://www.securitytracker.com/id/1031869

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1066

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90171154/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1066

Trust: 0.8

url:https://www.apple.com/osx/

Trust: 0.3

url:http://support.apple.com/kb/ht1222?viewlocale=en_us

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-1065

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1066

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4496

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1067

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1061

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

sources: VULHUB: VHN-79026 // BID: 73001 // JVNDB: JVNDB-2015-001780 // PACKETSTORM: 130743 // CNNVD: CNNVD-201503-293 // NVD: CVE-2015-1066

CREDITS

Ian Beer of Google Project Zero

Trust: 0.3

sources: BID: 73001

SOURCES

db: VULHUB | id: VHN-79026
db: BID | id: 73001
db: JVNDB | id: JVNDB-2015-001780
db: PACKETSTORM | id: 130743
db: CNNVD | id: CNNVD-201503-293
db: NVD | id: CVE-2015-1066

LAST UPDATE DATE

2025-04-13T22:18:24.746000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-79026 | date: 2015-09-11T00:00:00
db: BID | id: 73001 | date: 2015-03-09T00:00:00
db: JVNDB | id: JVNDB-2015-001780 | date: 2015-03-13T00:00:00
db: CNNVD | id: CNNVD-201503-293 | date: 2015-03-13T00:00:00
db: NVD | id: CVE-2015-1066 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB | id: VHN-79026 | date: 2015-03-12T00:00:00
db: BID | id: 73001 | date: 2015-03-09T00:00:00
db: JVNDB | id: JVNDB-2015-001780 | date: 2015-03-13T00:00:00
db: PACKETSTORM | id: 130743 | date: 2015-03-10T16:20:32
db: CNNVD | id: CNNVD-201503-293 | date: 2015-03-13T00:00:00
db: NVD | id: CVE-2015-1066 | date: 2015-03-12T10:59:11.317