SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1031650
SecurityTracker URL:  http://securitytracker.com/id/1031650
CVE Reference:   CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4495, CVE-2014-4497, CVE-2014-4498, CVE-2014-4499, CVE-2014-8816, CVE-2014-8817, CVE-2014-8819, CVE-2014-8820, CVE-2014-8821, CVE-2014-8822, CVE-2014-8823, CVE-2014-8824, CVE-2014-8825, CVE-2014-8826, CVE-2014-8827, CVE-2014-8828, CVE-2014-8829, CVE-2014-8830, CVE-2014-8831, CVE-2014-8832, CVE-2014-8833, CVE-2014-8834, CVE-2014-8835, CVE-2014-8837, CVE-2014-8838
Date:  Jan 28 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.8.5, 10.9.5, 10.10, and 10.10.1
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target user's system [CVE-2014-4481].

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a buffer overflow in FontParser and execute arbitrary code on the target user's system [CVE-2014-4483].

A remote user can create a specially crafted '.dfont' file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2014-4484].

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a buffer overflow in the handling of the XML file and execute arbitrary code on the target user's system [CVE-2014-4485]. Versions 10.9.x and 10.10.x are affected.

A local user can run a specially crafted application to trigger a buffer overflow in IOHIDFamily and execute arbitrary code with system privileges [CVE-2014-4487].

A local user can run a specially crafted application to trigger a validation flaw in IOHIDFamily and execute arbitrary code with system privileges [CVE-2014-4488].

A local user can run a specially crafted application to trigger a null pointer dereference in IOHIDFamily and execute arbitrary code with system privileges [CVE-2014-4489].

A local user can run a specially crafted application to exploit a flaw in the handling of kernel extension APIs to obtain potentially sensitive information [CVE-2014-4491].

A local user can run a specially crafted application to trigger a cache permissions flaw to execute arbitrary code with system privileges [CVE-2014-4495].

A local user can run a specially crafted application to trigger an integer signedness error in IOBluetoothFamily and execute arbitrary code with system privileges [CVE-2014-4497]. Versions 10.8.x and 10.9.x are affected.

A physically local user can connect a specially crafted Thunderbolt device that, when connected to the target system during an EFI update, will modify the system's firmware [CVE-2014-4498]. Versions 10.10.x are affected on MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), and Mac Pro (Late 2013) systems.

On systems with additional logging enabled, a local user can access App Store logs to obtain Apple ID credentials [CVE-2014-4499]. Versions 10.10.x are affected.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2014-8816]. Versions 10.8.x and 10.9.x are affected.

A local user can run a specially crafted application to trigger a type confusion error in coresymbolicationd in the processing of XPC messages and execute arbitrary code with system privileges [CVE-2014-8817].

A local user can run a specially crafted application to trigger errors in the Intel Graphics Driver and execute arbitrary code with system privileges [CVE-2014-8819, CVE-2014-8820, CVE-2014-8821].

A local user can run a specially crafted application to trigger a bounds checking flaw in IOHIDFamily and execute arbitrary code with system privileges [CVE-2014-8822].

A local privileged application can supply specially crafted arguments to trigger a memory handling flaw in the handling of IOUSB controller user client functions and read arbitrary portions of kernel memory [CVE-2014-8823]. Versions 10.10.x are affected.

A local user can run a specially crafted application to trigger a validation error in the processing of certain metadata fields of IODataQueue objects to execute arbitrary code with system privileges [CVE-2014-8824].

A local user can exploit a flaw in 'identitysvc' to spoof directory service responses to potentially gain elevated privileges [CVE-2014-8825]. Versions 10.10.x are affected.

A remote user can create a specially crafted JAR file that, when loaded by the target user, will bypass Gatekeeper checks [CVE-2014-8826].

The system may fail to lock immediately upon waking [CVE-2014-8827].

A local sandboxed process can bypass security restrictions to gain write access to the cache [CVE-2014-8828]. Versions 10.8.x and 10.9.x are affected.

A local user can run a specially crafted application to trigger an out-of-bounds memory write error and obtain potentially sensitive information [CVE-2014-8829]. Versions 10.8.x and 10.9.x are affected.

A remote user can create a specially crafted Collada file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target user's system [CVE-2014-8830]. Versions 10.9.x and 10.10.x are affected.

A local user can run a specially crafted application with a self-signed or Developer ID certificate to access keychain items that belong to other applications [CVE-2014-8831]. Versions 10.9.x and 10.10.x are affected.

Spotlight may store memory contents on an external hard drive when indexing [CVE-2014-8832].

The system may display in Spotlight search results files that the user does not have privileges to read [CVE-2014-8833]. Versions 10.10.x are affected.

When a user prints a password-protected PDF file created via the Print dialog, passwords may be included in the printing preference files. A local user can obtain these passwords [CVE-2014-8834]. Version 10.10.x is affected.

A local user can run a specially crafted application to trigger a type confusion error in sysmond and gain elevated privileges [CVE-2014-8835]. Versions 10.9.x and 10.10.x are affected.

A local user can run a specially crafted application to trigger a flaw in the Bluetooth driver and execute arbitrary code with system privileges [CVE-2014-8837]. Version 10.x is affected.

A local downloaded application with a revoked Developer ID certificate can bypass Gatekeeper checks [CVE-2014-8838].

The following researchers reported these vulnerabilities:

Felipe Andres Manzano of the Binamuse VRT (via the iSIGHT Partners GVP Program), Gaurav Baruah (via HP's Zero Day Initiative), TaiG Jailbreak Team, @beist, Roberto Paleari and Aristide Fattori of Emaze Networks, Ian Beer of Google Project Zero, @PanguTeam, Stefan Esser, David J Peacock, Independent Technology Consultant, F-Secure, Jose Duart of Google Security Team, Trammell Hudson of Two Sigma Investments, Sten Petersen, Vitaliy Toropov (via HP's Zero Day Initiative), Alex Radocea of CrowdStrike, Mike Myers of Digital Operatives LLC, Xavier Bertels of Mono, multiple OS X seed testers, and Hernan Ochoa of Amplia Security.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A physically local user can modify the firmware on the target system.

A local user can obtain Apple ID credentials.

Solution:   The vendor has issued a fix (10.10.2, Security Update 2015-001).

The vendor's advisory is available at:

http://support.apple.com/en-us/HT204244

Vendor URL:  support.apple.com/en-us/HT204244
Cause:   Access control error, Boundary error, Input validation error

Message History:   None.



Copyright 2018, SecurityGlobal.net LLC