dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of. Impact: Processing a maliciously crafted. These issues were addressed through improved type checking. CVE-2014-8817 : Ian Beer of Google Project Zero This issue does not affect OS X Yosemite systems. CVE-2014-8816 : Mike Myers, of Digital Operatives LLC Description: Multiple type confusion issues existed in coresymbolicationd's handling of XPC messages. The issue was addressed through improved bounds checking. This issue did not affect systems prior to OS X Yosemite. CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard Description: A memory corruption issue existed in the handling of PDF files. This issue was addressed by ensuring that logging is off by default. Impact: Some third-party applications with non-secure text entry and mouse events may log those events Description: Due to the combination of an uninitialized variable and an application's custom allocator, non-secure text entry and mouse events may have been logged. This issue was addressed by disallowing logging of credentials. The App Store process could log Apple ID credentials in the log when additional logging was enabled. Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of App Store logs. This issue was addressed by not loading option ROMs during updates. CVE-2014-4498 : Trammell Hudson of Two Sigma Investments Impact: A malicious Thunderbolt device may be able to affect firmware flashing Description: Thunderbolt devices could modify the host firmware if connected during an EFI update.
This issue was addressed through improved bounds checking. CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program Available for: OS X Yosemite v10.10 and v10.10.1, for: MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), Mac Pro (Late 2013) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through a change in caching behavior. Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. The issues were addressed through additional input validation. CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze Networks The issue was addressed through additional input validation. CVE-2014-8836 : Ian Beer of Google Project Zero Description: Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege. This issue does not affect OS X Yosemite systems. Description: An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory. This issue was addressed through improved bounds checking. Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer signedness error existed in IOBluetoothFamily which allowed manipulation of kernel memory.
These issues were addressed by updating bash to patch level 57. Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary code Description: Multiple vulnerabilities existed in bash. This issue was addressed by removing the addresses from the result. CVE-2014-4426 : Craig Young of Tripwire VERT Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A remote attacker may be able to determine all the network addresses of the system Description: The AFP file server supported a command which returned all the network addresses of the system.