SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1032760
SecurityTracker URL:  http://securitytracker.com/id/1032760
CVE Reference:   CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673, CVE-2015-3674, CVE-2015-3675, CVE-2015-3676, CVE-2015-3677, CVE-2015-3678, CVE-2015-3679, CVE-2015-3680, CVE-2015-3681, CVE-2015-3682, CVE-2015-3683, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3691, CVE-2015-3694, CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3702, CVE-2015-3703, CVE-2015-3704, CVE-2015-3705, CVE-2015-3706, CVE-2015-3707, CVE-2015-3708, CVE-2015-3709, CVE-2015-3710, CVE-2015-3711, CVE-2015-3712, CVE-2015-3714, CVE-2015-3715, CVE-2015-3716, CVE-2015-3717, CVE-2015-3718, CVE-2015-3719, CVE-2015-3721
Date:  Jul 1 2015
Impact:   Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain potentially sensitive information. A local user can obtain elevated privileges on the target system. A local user can bypass security restrictions.

A remote user can create a specially crafted file that, when processed by libtiff, will execute arbitrary code on the target system [CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130].

A local user (process) can exploit a flaw in the checking of XPC entitlements to gain administrative privileges [CVE-2015-3671]. OS X 10.9.5 and 10.10.x are affected.

Emil Kvarnhammar at TrueSec reported this vulnerability.

A local user without administrative privileges can trigger a flaw in user authentication to gain administrative privileges [CVE-2015-3672]. OS X 10.9.5 and 10.10.x are affected.

Emil Kvarnhammar at TrueSec reported this vulnerability.

A local user can move and modify Directory Utility to gain root privileges on the target system [CVE-2015-3673]. OS X 10.10.x is affected.

Patrick Wardle of Synack and Emil Kvarnhammar at TrueSec reported this vulnerability.

A remote user can trigger a memory corruption flaw in the AFP server to execute arbitrary code [CVE-2015-3674].

Dean Jerkovich of NCC Group reported this vulnerability.

The default Apache configuration does not include mod_hfs_apple. A remote user can submit a specially crafted URL to access ostensibly protected directories on the target web service [CVE-2015-3675]. OS X 10.10.x is affected.

A local application can determine kernel memory layout [CVE-2015-3676, CVE-2015-3677, CVE-2015-3690, CVE-2015-3711, CVE-2015-3721].

Chen Liang of KEEN Team, an anonymous researcher (via HP's Zero Day Initiative), Peter Rutenbar (via HP's Zero Day Initiative), and Ian Beer of Google Project Zero reported these vulnerabilities.

A local user (application) can trigger a memory corruption error and execute arbitrary code with system privileges. AppleThunderboltEDMService is affected [CVE-2015-3678]. Bluetooth HCI is affected [CVE-2015-3683]. The Monitor Control Command Set kernel extension is affected [CVE-2015-3691]. The 'Install.framework' 'runner' binary is affected [CVE-2015-3704]. IOAcceleratorFamily is affected [CVE-2015-3705, CVE-2015-3706]. The FireWire driver is affected [CVE-2015-3707]. The NVIDIA graphics driver is affected [CVE-2015-3712].

Roberto Paleari and Aristide Fattori of Emaze Networks, Ian Beer of Google Project Zero, and KEEN Team reported some of these vulnerabilities.

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2015-3679, CVE-2015-3680, CVE-2015-3681, CVE-2015-3682]. OS X 10.10.x is affected.

Pawel Wylecial (via HP's Zero Day Initiative), John Villamil (@day6reak) of the Yahoo Pentest Team, and Nuode Wei reported these vulnerabilities.

A remote user who can conduct a man-in-the-middle attack can use a certificate signed by an incorrectly issued CNNIC certificate authority to bypass trusted certificate validation.

A remote user can create a specially crafted URL that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-3684].

A remote user can create a specially crafted text file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689].

John Villamil (@day6reak) of the Yahoo Pentest Team reported some of these vulnerabilities.

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-3694]. OS X 10.10.x is affected.

John Villamil (@day6reak) of the Yahoo Pentest Team reported this vulnerability.

A local user can trigger a buffer overflow in the Intel graphics driver to execute arbitrary code with system privileges [CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3702].

KEEN Team and Ian Beer of Google Project Zero reported some of these vulnerabilities.

A remote user can create a specially crafted '.tiff' file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-3703].

A local user (application) can exploit a symbolic link (symlink) flaw in kext tools to overwrite arbitrary files on the target system [CVE-2015-3708]. OS X 10.10.x is affected.

Ian Beer of Google Project Zero reported this vulnerability.

A local user can exploit a time-of-check time-of-use (TOCTOU) race condition during the validation of kernel extension paths to load unsigned kernel extensions [CVE-2015-3709]. OS X 10.10.x is affected.

Ian Beer of Google Project Zero reported this vulnerability.

A remote user can send a specially crafted email message that, when loaded by the target user, will replace the message content with an arbitrary web page [CVE-2015-3710]. OS X 10.10.x is affected.

Aaron Sigel of vtty.com and Jan Soucek reported this vulnerability.

An application that uses custom resource rules can be modified by a local user, and the system will still launch the modified application [CVE-2015-3714].

Joshua Pitts of Leviathan Security Group reported this vulnerability.

A local user (application) can load a library outside of the application bundle to bypass code signing protection [CVE-2015-3715].

Patrick Wardle of Synack reported this vulnerability.

A local user can create a specially crafted photo file, add it to the local photo library, and then search Spotlight for the file to execute arbitrary commands on the target system [CVE-2015-3716].

A remote user can trigger buffer overflows in SQLite to execute arbitrary code [CVE-2015-3717]. OS X 10.10.x is affected.

Peter Rutenbar (via HP's Zero Day Initiative) reported this vulnerability.

A local user (application) can send a specially crafted interprocess communication message to trigger a type confusion flaw in 'systemstatsd' and execute arbitrary code [CVE-2015-3718]. The code will run with the privileges of the target process. OS X 10.10.x is affected.

Roberto Paleari and Aristide Fattori of Emaze Networks reported this vulnerability.

A remote user can create a specially crafted font file that, when processed by the target application, will trigger a memory corruption flaw and execute arbitrary code [CVE-2015-3719]. OS X 10.10.x is affected.

John Villamil (@day6reak) of the Yahoo Pentest Team reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix (10.10.4, Security Update 2015-005)

The vendor's advisory is available at:

https://support.apple.com/kb/HT204942

Vendor URL:  support.apple.com/kb/HT204942
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2015 (Apple Issues Fix for Apple iTunes) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple iTunes for Windows.
Aug 2 2016 (Red Hat Issues Fix) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Mar 23 2017 (Apple Issues Fix for Apple iTunes) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple iTunes.




Copyright 2018, SecurityGlobal.net LLC