SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1030868
SecurityTracker URL:  http://securitytracker.com/id/1030868
CVE Reference:   CVE-2014-1391, CVE-2014-4350, CVE-2014-4376, CVE-2014-4390, CVE-2014-4393, CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, CVE-2014-4402, CVE-2014-4403, CVE-2014-4416   (Links to External Site)
Date:  Sep 18 2014
Impact:   Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.9.5
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A local user can obtain potentially sensitive information.

A remote user can create a specially crafted RLE encoded movie file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2014-1391]. The code will run with the privileges of the target user.

A remote user can create a specially crafted MIDI file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2014-4350].

A local application can trigger a null pointer dereference in the handling of IOKit API arguments to execute arbitrary code with system privileges [CVE-2014-4376].

A local application can trigger a validation flaw in the handling of a Bluetooth API call to execute arbitrary code with system privileges [CVE-2014-4390].

A local user can compile untrusted GLSL shaders to trigger a buffer overflow and execute arbitrary code [CVE-2014-4393].

A local application can trigger a validation flaw in some integrated graphics driver routines to execute arbitrary code with system privileges [CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, CVE-2014-4416].

A local application can trigger an out-of-bounds memory read in the handling of an IOAcceleratorFamily function to execute arbitrary code with system privileges [CVE-2014-4402].

The CPU Global Descriptor Table is allocated at a predictable address [CVE-2014-4403]. A local user can exploit this to infer kernel addresses and bypass kernel address space layout randomization.

Fernando Munoz (via iDefense VCP), Tom Gallagher and Paul Bates (via HP's Zero Day Initiative), s3tm3m (via HP's Zero Day Initiative), and Ian Beer of Google Project Zero reported these vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A local user can obtain potentially sensitive information to bypass kernel address space layout randomization.

Solution:   The vendor has issued a fix (10.9.5; Security Update 2014-004 for 10.7.x and 10.8.x).

The vendor's advisory is available at:

http://support.apple.com/kb/HT6443

Vendor URL:  support.apple.com/kb/HT6443 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC