VARIoT IoT vulnerabilities database
| VAR-201407-0104 | CVE-2014-1361 | Secure Transport in multiple Apple products vulnerable to retrieval of important information from uninitialized process memory |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components.
Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions.
Apple Mac OS X 10.9 to 10.9.3 are vulnerable. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. A remote attacker could exploit this vulnerability to obtain sensitive information in memory.
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An iTunes Store transaction may be completed with
insufficient authorization
Description: A signed-in user was able to complete an iTunes Store
transaction without providing a valid password when prompted.
CVE-ID
CVE-2014-1383
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About"
| VAR-201407-0100 | CVE-2014-1340 | WebKit as used in Apple Safari and other products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
An attacker may exploit this issue by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari versions prior to 6.1.5 and 7.x versions prior to 7.0.5.
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0101 | CVE-2014-1345 | WebKit as used in Apple iOS, Apple Safari and other products vulnerable to address bar spoofing |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. Supplementary information: the CWE vulnerability type has been identified as CWE-172: Encoding Error. http://cwe.mitre.org/data/definitions/172.html A third party could spoof the address bar through a crafted web site.
The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks.
These issues affect iOS prior to 7.1.2. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Remote attackers can use this vulnerability to disguise their domain name in the address bar of a specially crafted website to carry out fraudulent attacks.
APPLE-SA-2014-06-30-3 iOS 7.1.2
iOS 7.1.2 is now available and addresses the following:
Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
CoreGraphics
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XBM file may lead to an
unexpected application termination or arbitrary code execution
Description: An unbounded stack allocation issue existed in the
handling of XBM files. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1354 : Dima Kovalenko of codedigging.com
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application could cause the device to unexpectedly
restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker possessing an iOS device could potentially
bypass Activation Lock
Description: Devices were performing incomplete checks during device
activation, which made it possible for malicious individuals to
partially bypass Activation Lock. This issue was addressed through
additional client-side verification of data received from activation
servers.
CVE-ID
CVE-2014-1360
Lock Screen
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum
number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt
limit was not enforced. This issue was addressed through additional
enforcement of this limit.
CVE-ID
CVE-2014-1352 : mblsec
Lock Screen
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may be able
to access the application that was in the foreground prior to locking
Description: A state management issue existed in the handling of the
telephony state while in Airplane Mode. This issue was addressed
through improved state management while in Airplane Mode.
CVE-ID
CVE-2014-1353
Mail
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Mail attachments can be extracted from an iPhone 4
Description: Data protection was not enabled for mail attachments,
allowing them to be read by an attacker with physical access to the
device. This issue was addressed by changing the encryption class of
mail attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in Safari's handling of
invalid URLs. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan
Settings
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed in the handling of the
Find My iPhone state. This issue was addressed through improved
handling of Find My iPhone state.
CVE-ID
CVE-2014-1350
Secure Transport
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Two bytes of uninitialized memory could be disclosed to a
remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Siri
Available for: iPhone 4S and later,
iPod touch (5th generation) and later,
iPad (3rd generation) and later
Impact: A person with physical access to the phone may be able to
view all contacts
Description: If a Siri request might refer to one of several
contacts, Siri displays a list of possible choices and the option
'More...' for a complete contact list. When used at the lock screen,
Siri did not require the passcode before viewing the complete contact
list. This issue was addressed by requiring the passcode.
CVE-ID
CVE-2014-1351 : Sherif Hashim
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver's origin check
Description: An encoding issue existed in the handling of unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.1.2".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0098 | CVE-2014-1376 | Intel Compute in Apple OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The vulnerability is caused by the program not properly restricting OpenGL API calls.
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
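Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero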
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
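Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm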
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0095 | CVE-2014-1372 | Apple OS X Graphics Driver vulnerability that allows important information to be obtained from kernel memory |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The vulnerability stems from the program's handling of system calls without properly restricting read operations.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
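Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero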
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
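Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375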
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0092 | CVE-2014-1369 | Vulnerability in WebKit, as used in Apple Safari and other products, that allows access to file: URLs |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. WebKit, as used in Apple Safari and other products, is prone to an information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in Apple Safari versions 6.1.4 and prior and WebKit versions 7.x prior to 7.0.5.
| VAR-201407-0097 | CVE-2014-1375 | Apple OS X Intel Graphics Driver vulnerability that circumvents the ASLR protection mechanism |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The vulnerability is due to the fact that kernel pointers stored in IOKit objects can be retrieved from user space.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
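Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero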
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
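Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375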
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
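Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378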
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0091 | CVE-2014-1368 | WebKit, as used in Apple products, vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. WebKit, as used in Apple iOS, Apple Safari, Apple TV and other products, is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0094 | CVE-2014-1371 | Apple OS X Dock arbitrary code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OS X Dock. The issue lies in the failure to properly sanitize a user-supplied value prior to indexing into an array of function pointers. An attacker could leverage this vulnerability to execute code within the context of the Dock process. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The Dock is one of the graphical user interfaces used to start and switch running applications.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0096 | CVE-2014-1373 | Apple OS X of Intel Graphics Driver Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The vulnerability is caused by the program not properly restricting OpenGL API calls.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
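disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.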
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
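pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.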
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
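validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.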
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
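Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.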
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0088 | CVE-2014-1383 | Apple TV In iTunes Vulnerability that bypasses password requests for store purchases |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. Apple TV is prone to an authorization-bypass vulnerability.
A remote attacker can exploit this issue to bypass security restrictions that may aid in further attacks.
Versions prior to Apple TV 6.1.2 are vulnerable. Apple TV can be used to watch TV programs online, and photos, videos and music can also be transferred from an iPad, iPhone, iPod or PC to the TV for playback.
| VAR-201407-0090 | CVE-2014-1367 | Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. WebKit, as used in Apple iOS, Apple Safari, Apple TV and other products, is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0089 | CVE-2014-1366 | Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. WebKit, as used in Apple iOS, Apple Safari, Apple TV and other products, is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0087 | CVE-2014-1382 | Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. WebKit, as used in Apple iOS, Apple Safari, Apple TV and other products, is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0093 | CVE-2014-1370 | Apple OS X Arbitrary code execution vulnerability in byte swap implementation |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
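Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm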
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0084 | CVE-2014-1379 | Privilege escalation vulnerability in Graphics Drivers of Apple OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
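Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero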
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0086 | CVE-2014-1381 | Arbitrary code execution vulnerability in Thunderbolt of Apple OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. Apple OS X is a dedicated operating system developed by Apple Inc. for Mac computers.
There is a security vulnerability in Thunderbolt in Apple OS X 10.9.3 and earlier versions. The vulnerability stems from the program's failure to properly restrict IOThunderBoltController API calls.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
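pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero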
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
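Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm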
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0085 | CVE-2014-1380 | Screen-lock protection bypass vulnerability in the Security - Keychain component of Apple OS X |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4. The system contains various types of data, such as passwords, private keys, electronic certificates, and encrypted notes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
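been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC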
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201407-0083 | CVE-2014-1378 | ASLR protection mechanism bypass vulnerability in IOGraphicsFamily of Apple OS X |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
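API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
pointer from the object.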
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
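This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.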
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201407-0082 | CVE-2014-1377 | Arbitrary code execution vulnerability in IOAcceleratorFamily in Apple OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Supplementary information: the vulnerability type has been identified as CWE-129: Improper Validation of Array Index. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003.
The update addresses new vulnerabilities that affect copyfile, Dock, Graphics Driver, iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.9.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of AppleDouble files in zip archives. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP
curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another
user's session
Description: cURL re-used NTLM connections when more than one
authentication method was enabled, which allowed an attacker to gain
access to another user's session.
CVE-ID
CVE-2014-0015
Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox
restrictions
Description: An unvalidated array index issue existed in the
Dock's handling of messages from applications. A maliciously
crafted message could cause an invalid function pointer to be
dereferenced, which could lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day
Initiative
Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
a system call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero
iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The
iBooks process could log Apple ID credentials in the iBooks log where
other users of the system could read it. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenGL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by removing the
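pointer from the object.
CVE-ID
CVE-2014-1375
Intel Compute
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of an OpenCL
API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.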
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero
IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be
retrieved from userland. This issue was addressed by using a unique
ID instead of a pointer.
CVE-ID
CVE-2014-1378
IOReporting
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user could cause an unexpected system restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
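validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.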
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Graphics Drivers
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null dereference issues existed in kernel
graphics drivers. A maliciously crafted 32-bit executable may have
been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero
Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the
screen lock
Description: Under rare circumstances, the screen lock did not
intercept keystrokes. This could have allowed an attacker to type
into windows under the screen lock. This issue was addressed through
improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds memory access issue existed in the
handling of IOThunderBoltController API calls. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of
Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----