VARIoT IoT vulnerabilities database
| VAR-201501-0636 | CVE-2014-4493 | Apple iOS of MobileInstallation of app-installation Vulnerability in function that gains control of local application container |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. Apple iOS is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect iTunes Store, MobileInstallation, Springboard, and WebKit components.
Attackers can exploit these issues to gain unauthorized access, perform unauthorized actions, bypass security restrictions, and perform other attacks.
These issues affect iOS versions prior to 8.1.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. MobileInstallation is a necessary component to install AppStore cracked software
| VAR-201501-0635 | CVE-2014-4492 | plural Apple Product libnetcore In _networkd Vulnerability to execute arbitrary code in context |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlCrafted by an attacker from a sandbox application XPC Via message _networkd Arbitrary code in context may be executed. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. CoreGraphics is an iOS built-in drawing framework. A security vulnerability exists in libnetcore of several Apple products due to the program not properly validating values with expected data types.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0634 | CVE-2014-4491 | plural Apple Extending the product kernel API In ASLR Vulnerabilities that circumvent protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. The vulnerability originates from the display address of the OSBundleMachOHeaders key in the response information. Attackers can exploit this vulnerability with specially crafted applications to bypass the ASLR protection mechanism.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0632 | CVE-2014-4488 | plural Apple Product IOHIDFamily Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlAn attacker could execute arbitrary code in a privileged context through a crafted application. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components. Failed attacks may cause denial-of-service conditions. in the United States. The vulnerability stems from the program not properly validating resource-queue metadata.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0633 | CVE-2014-4489 | plural Apple Product IOHIDFamily Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0625 | CVE-2014-4480 | Apple iOS and Apple TV of AppleFileConduit of afc Vulnerable to directory traversal |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect AppleFileConduit, Kernel, and WebKit components.
Attackers can exploit these issues to bypass security restrictions, disclose information, and perform other attacks. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product. AppleFileConduit is a component for viewing system files in jailbroken iOS devices. An attacker could exploit this vulnerability with a malicious 'afc' command to gain access to a protected file system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending a maliciously
formatted message to networkd, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F
pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb
8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z
mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn
Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8
tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR
IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh
wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P
y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB
w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR
IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY
CfDJ+b9mxdd8GswiT3OO
=j9pr
-----END PGP SIGNATURE-----
| VAR-201501-0621 | CVE-2014-4499 | Apple OS X of CommerceKit Framework of App Store Vulnerabilities that capture important information in the process |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. A local attacker could exploit this vulnerability to obtain sensitive information by reading a file. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0631 | CVE-2014-4487 | plural Apple Product IOHIDFamily Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. in the United States.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0618 | CVE-2014-4496 | Apple iOS and Apple TV Of the kernel mach_port_kobject In the interface ASLR Vulnerabilities that circumvent protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect AppleFileConduit, Kernel, and WebKit components.
Attackers can exploit these issues to bypass security restrictions, disclose information, and perform other attacks. Both Apple iOS and Apple TV are products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product. The vulnerability stems from the fact that the program does not correctly limit the kernel-address and heap-permutation information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-3 Security Update 2015-002
Security Update 2015-002 is now available and addresses the
following:
iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An off by one issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1066 : Ian Beer of Google Project Zero
IOSurface
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Security Update 2015-002 may be obtained from the Mac App Store
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx
QJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo
R73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK
F9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp
VHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe
7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i
but+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR
TxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N
kYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b
I3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u
i6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu
TJDXCjMND7F2ZJFRim/F
=7PU8
-----END PGP SIGNATURE-----
| VAR-201501-0620 | CVE-2014-4498 | Apple OS X of CPU Software Vulnerabilities to modify firmware |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. This case "Thunderstrike" Vulnerability related to the problem. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0630 | CVE-2014-4486 | plural Apple Product IOAcceleratorFamily Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlArbitrary code execution or service disruption by a third party through a crafted application (NULL Pointer dereference ) There is a possibility of being put into a state. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. The vulnerability is caused by the program not correctly handling the resource list and IOService client type.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0619 | CVE-2014-4497 | Apple OS X of Bluetooth Implementation of IOBluetoothFamily Integer sign error vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. An integer sign error vulnerability exists in the IOBluetoothFamily component of Apple's Bluetooth implementation prior to Mac OS X 10.10. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57. This
issue was addressed through improved bounds checking. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0627 | CVE-2014-4483 | plural Apple Product FontParser Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple TV is a high-definition television set-top box product. CoreGraphics is an iOS built-in drawing framework. The vulnerability is caused by the program not correctly handling font files in PDF documents.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking. This issue was addressed through improved bounds checking. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0629 | CVE-2014-4485 | plural Apple Product Foundation of XML Parser buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple TV is a high-definition television set-top box product. Foundation is a framework that provides basic system services for all applications.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0617 | CVE-2014-4495 | plural Apple Vulnerabilities that prevent access restrictions in the product kernel |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. The vulnerability is caused by not forcibly assigning read-only permission to the shared memory segment when the program uses a custom cache mode. An attacker could exploit this vulnerability with the help of a specially crafted application to bypass established access restrictions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About"
| VAR-201501-0628 | CVE-2014-4484 | plural Apple Product FontParser Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a dfont file. When processing a malformed dfont file, a specified value is parsed from the file and passed to the memmove API call which can cause memory corruption. A remote attacker can use this to execute remote code under the context of the user. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components. Failed attacks may cause denial-of-service conditions. FontParser is a font parsing component. A buffer overflow vulnerability exists in the FontParser of several Apple products due to the program's improper handling of .dfont files.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0626 | CVE-2014-4481 | plural Apple Product CoreGraphics Integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Multiple Apple products are prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components.
Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple TV is a high-definition television set-top box product. CoreGraphics is an iOS built-in drawing framework. The vulnerability is caused by the program's improper handling of PDF files.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2014-4479 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.3". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F
N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET
D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG
LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX
FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6
8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/
qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW
gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V
0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA
0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns
sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq
nggZl3Sa+QhfaHSUqSJI
=uAqk
-----END PGP SIGNATURE-----
| VAR-201501-0277 | CVE-2014-8840 | Apple iOS of iTunes Store In the component Safari Vulnerability bypassing sandbox protection mechanisms |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SSL connections. The issue lies in the implicit trust of sites that offer URL redirection services. An attacker can leverage this vulnerability to execute code outside the context of the sandbox. Apple iOS is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect iTunes Store, MobileInstallation, Springboard, and WebKit components.
Attackers can exploit these issues to gain unauthorized access, perform unauthorized actions, bypass security restrictions, and perform other attacks.
These issues affect iOS versions prior to 8.1.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices
| VAR-201501-0276 | CVE-2014-8839 | Apple OS X of Spotlight Of recipients in IP Vulnerability to get address |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Spotlight is one of the components that can quickly retrieve the entire system (including files, emails, contacts, etc.) in the input box
| VAR-201501-0275 | CVE-2014-8838 | Apple OS X of Security In the component Gatekeeper Vulnerabilities bypassing protection mechanisms |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Security is one of the security components