Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple OS X Multiple Bugs Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1032048
SecurityTracker URL:  http://securitytracker.com/id/1032048
CVE Reference:   CVE-2015-1088, CVE-2015-1089, CVE-2015-1091, CVE-2015-1093, CVE-2015-1095, CVE-2015-1096, CVE-2015-1098, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117, CVE-2015-1118, CVE-2015-1130, CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135, CVE-2015-1136, CVE-2015-1137, CVE-2015-1138, CVE-2015-1139, CVE-2015-1140, CVE-2015-1141, CVE-2015-1142, CVE-2015-1143, CVE-2015-1144, CVE-2015-1145, CVE-2015-1146, CVE-2015-1147, CVE-2015-1148
Updated:  Apr 11 2015
Original Entry Date:  Apr 8 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.2
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A local user can cause denial of service conditions on the target system. A local user can access potentially sensitive information on the target system. A remote user can view passwords in certain cases. A remote user can bypass same-origin restrictions on the target system.

A local user can exploit a flaw in the checking of XPC entitlements to gain administrative privileges [CVE-2015-1130]. OS X versions 10.10.x are affected.

Emil Kvarnhammar at TrueSec reported this vulnerability.

A local user can trigger input validation flaws in fontd to execute arbitrary code with system privileges [CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135].

Ian Beer of Google Project Zero reported this vulnerability.

A cookie set in a redirect response may be passed on to a redirect target of another domain [CVE-2015-1089]. OS X versions 10.10.x are affected.

Niklas Keller reported this vulnerability.

An HTTP request header containing authentication credentials sent in a redirect response may be passed on to a redirect target of a different domain [CVE-2015-1091]. OS X versions 10.10.x are affected.

Diego Torres (http://dtorres.me) reported this vulnerability.
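
The client-side rule that the two redirect issues above (CVE-2015-1089 and CVE-2015-1091) call for, as an added Python example; it is not Apple's code and not part of the original advisory. The function names, the tuple form of the cookies and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Request headers that carry credentials and must not cross origins.
AUTH_HEADERS = {"authorization", "proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) triple that defines a web origin."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def domain_match(host, cookie_domain):
    """RFC 6265 domain-match, without the public-suffix check a real jar needs."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def follow_redirect(request_url, location, request_headers, set_cookies):
    """Build the follow-up request for a 3xx response.

    set_cookies: (name, value, domain) tuples from the redirect response's
    Set-Cookie headers; domain is None for a host-only cookie.
    """
    target = urljoin(request_url, location)  # Location may be relative
    same_origin = origin(request_url) == origin(target)
    setter, host = origin(request_url)[1], origin(target)[1]

    headers, cookie_parts = {}, []
    for name, value in request_headers.items():
        lowered = name.lower()
        if lowered == "cookie":
            if same_origin:
                cookie_parts.append(value)
        elif lowered not in AUTH_HEADERS or same_origin:
            headers[name] = value

    for name, value, domain in set_cookies:
        if domain is None:
            allowed = host == setter
        else:
            allowed = domain_match(setter, domain) and domain_match(host, domain)
        if allowed:
            cookie_parts.append(f"{name}={value}")

    if cookie_parts:
        headers["Cookie"] = "; ".join(cookie_parts)
    return target, headers
```
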

A remote user can create a specially crafted URL that, when loaded by the target user, will trigger an input validation flaw in the processing of URLs and execute arbitrary code [CVE-2015-1088]. OS X versions 10.10.x are affected.

Luigi Galli reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free in CoreAnimation and execute arbitrary code [CVE-2015-1136].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-1093].

Marc Schoenefeld reported this vulnerability.

A local user can trigger a null pointer dereference in the NVIDIA graphics driver's processing of certain IOService userclient types to execute arbitrary code with system privileges [CVE-2015-1137]. OS X versions 10.9.5 and 10.10.x are affected.

Frank Graziano and John Villamil of the Yahoo Pentest Team reported this vulnerability.

A local application can trigger an input validation flaw in the hypervisor framework to cause denial of service conditions [CVE-2015-1138]. OS X versions 10.10.x are affected.

Izik Eidus and Alex Fishman reported this vulnerability.

A remote user can create a specially crafted '.sgi' file that, when processed by the target user or application, will execute arbitrary code [CVE-2015-1139].

An HID device can trigger a memory corruption error in an IOHIDFamily API to execute arbitrary code [CVE-2015-1095]. OS X versions 10.10.x are affected.

Andrew Church reported this vulnerability.

A local user can trigger a buffer overflow in IOHIDFamily to execute arbitrary code with system privileges [CVE-2015-1140].

lokihardt@ASRT (via HP's Zero Day Initiative) and Luca Todesco reported this vulnerability.

A local user can exploit a flaw in IOHIDFamily to determine kernel memory layout [CVE-2015-1096]. OS X versions 10.10.x are affected.

Ilja van Sprundel of IOActive reported this vulnerability.

A local user can trigger an error in the mach_vm_read() operation to cause the system to shut down [CVE-2015-1141]. OS X versions 10.10.x are affected.

Ole Andre Vadla Ravnas of www.frida.re reported this vulnerability.

A local user can trigger a race condition in the setreuid() system call to cause denial of service conditions [CVE-2015-1099].

Mark Mentovai of Google Inc reported this vulnerability.

A local application can invoke a service that makes setreuid() and setregid() system calls but does not properly drop privileges to gain elevated privileges [CVE-2015-1117].

Mark Mentovai of Google Inc reported this vulnerability.

A remote user in a privileged network position can send ICMP redirects to cause traffic from the target system to be redirected to arbitrary hosts [CVE-2015-1103]. OS X versions 10.10.x are affected.

Zimperium Mobile Security Labs reported this vulnerability.

A remote user in a privileged network position can trigger a state error in the processing of TCP headers and cause denial of service conditions [CVE-2015-1102]. OS X versions 10.10.x are affected.

Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab reported this vulnerability.

A local user can trigger an out-of-bounds memory access error in the kernel to read portions of kernel memory or cause the system to crash [CVE-2015-1100].

Maxime Villard of m00nbsd reported this vulnerability.

A remote user can send specially crafted IPv6 packets to bypass network filters [CVE-2015-1104].

Stephen Roettger of the Google Security Team reported this vulnerability.

A local user can trigger a memory corruption error in the kernel to execute arbitrary code with kernel level privileges [CVE-2015-1101].

lokihardt@ASRT reported this vulnerability (via HP's Zero Day Initiative).

A remote user can trigger a state error in the processing of TCP out-of-band data to cause denial of service conditions [CVE-2015-1105]. OS X versions 10.10.x are affected.

Kenton Varda of Sandstorm.io reported this vulnerability.

A local user can trigger an input validation flaw in LaunchServices in the processing of application localization data and cause Finder to crash [CVE-2015-1142]. OS X versions 10.10.x are affected.

A local user can trigger a type confusion error in LaunchServices in the processing of localized strings to execute arbitrary code with system privileges [CVE-2015-1143].

A local user can create a specially crafted configuration profile that, when loaded, will trigger a memory corruption error in libnetcore and cause the target application to crash [CVE-2015-1118]. OS X versions 10.10.x are affected.

Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc reported this vulnerability.

When an Open Directory client is bound to an OS X Server but does not have the certificates of the OS X Server installed and then a user on the client changes their password, the password change request is transmitted over the network without encryption [CVE-2015-1147]. OS X versions 10.9.5 and 10.10.x are affected.

A remote user can create a specially crafted iWork file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-1098].

Christopher Hickstein reported this vulnerability.

The Screen Sharing feature may log the target user's password [CVE-2015-1148]. OS X versions 10.10.x are affected.

A remote user can modify an application that, when launched by the target user, will bypass the code signing signature verification and launch [CVE-2015-1145, CVE-2015-1146].

A local user can trigger a buffer overflow in the processing of Uniform Type Identifiers to execute arbitrary code with system privileges [CVE-2015-1144].

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote or local user can cause denial of service conditions.

A local user can access potentially sensitive information on the target system.

A remote user can view passwords in certain cases.

A remote user can bypass same-origin restrictions on the target system.

Solution:   The vendor has issued a fix (10.10.3; Security Update 2015-004).

The vendor's advisory is available at:

https://support.apple.com/kb/HT204659

Vendor URL:  support.apple.com/kb/HT204659
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 19 2015 (Apple Issues Fix for Apple Watch) Apple OS X Multiple Bugs Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service
Apple has issued a fix for Apple Watch.

Copyright 2018, SecurityGlobal.net LLC