SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple QuickTime Vendors:   Apple
(Apple Issues Fix for QuickTime for Windows) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1033347
SecurityTracker URL:  http://securitytracker.com/id/1033347
CVE Reference:   CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5779   (Links to External Site)
Date:  Aug 21 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.7.8
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can cause denial of service conditions on the target system. A remote user can cause denial of service conditions on the target system. A remote user can modify files on the target system. A local user can gain system privileges on the target system. A remote user can obtain potentially sensitive information on the target system. QuickTime for Windows is affected.

An application can exploit a flaw in the Apple ID OD Plug-in to change the password of a user on the system [CV-2015-3799].

An application can trigger a flaw in AppleGraphicsControl to determine kernel memory layout [CVE-2015-5768].

A local user can trigger a memory corruption error in IOBluetoothHCIController to execute arbitrary code with system privileges [CVE-2015-3779].

An application can exploit a flaw in Bluetooth to determine kernel memory layout [CVE-2015-3780].

An application can exploit a flaw in Bluetooth to access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service [CVE-2015-3786].

A remote user in a privileged network position can send specially crafted Bluetooth packets to cause denial of service conditions [CVE-2015-3787].

A local user can trigger buffer overflows in 'blued' in the processing of XPC messages to execute arbitrary code [CVE-2015-3777].

A remote user can create a series of specially crafted unicode characters that, when processed by the target application, will trigger a memory corruption error in the Data Detectors Engine and execute arbitrary code [CVE-2015-5750].

An error in the Date and Time preference pane may cause applications that use system time to have unexpected behavior [CVE-2015-3757].

A remote user in a privileged network position can monitor the target user's Dictionary app queries [CVE-2015-3774].

A local user can trigger a path validation flaw in dyld to execute arbitrary code with system privileges [CVE-2015-3760].

An application can exploit a flaw in the 'Install.framework' 'runner' in the management of privileges to execute arbitrary code with root privileges [CVE-2015-5754, CVE-2015-5784].

A local user can trigger a memory corruption error in IOFireWireFamily to execute arbitrary code with system privileges [CVE-2015-3769, CVE-2015-3771, CVE-2015-3772].

An application can trigger a memory corruption error in IOGraphics to execute arbitrary code with system privileges [CVE-2015-3770, CVE-2015-5783].

A local user can trigger a flaw in the fasttrap driver to consume excessive resources on the target system [CVE-2015-5747].

A local user can exploit a validation flaw in the mounting of HFS volumes to cause denial of service conditions on the target system [CVE-2015-5748].

A local user can trigger a path validation flaw in the kernel to execute arbitrary code with system privileges [CVE-2015-3761].

A local user can trigger a memory corruption error in IOBluetoothHCIController to execute arbitrary code with system privileges [

A local user can exploit a validation flaw in mailx to execute arbitrary shell commands [CVE-2014-7844].

An application can exploit a flaw in the Notification Center to access all notifications previously displayed to users [CVE-2015-3764].

A local user can trigger a memory corruption error in NTFS to execute arbitrary code with system privileges [CVE-2015-5763]

A remote user can create a specially crafted QuickTime file that, when loaded by the target user, will trigger a memory corruption error in the Quartz Composer Framework and execute arbitrary code [CVE-2015-5771].

A local user can search for a previously viewed website to cause the web browser to launch and render that website [CVE-2015-3781].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in QuickTime and execute arbitrary code [CVE-2015-3765, CVE-2015-3772, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, CVE-2015-5779].

A remote user can create a specially crafted Collada file that, when loaded by the target user, will trigger a heap overflow in SceneKit and execute arbitrary code [CVE-2015-5772].

A remote user can trigger a memory corruption error in SceneKit and execute arbitrary code [CVE-2015-3783].

A local user can obtain admin privileges [CVE-2015-3775].

A remote user can trigger a memory corruption error in the SMB client to execute arbitrary code [CVE-2015-3773].

A remote user can create a specially crafted unicode string that, when parsed by the target application, will trigger a memory corruption error in the Speech UI and execute arbitrary code [CVE-2015-3794].

A remote user can create a specially crafted text file containing an external entity reference that, when loaded by the target user, will disclose user information [CVE-2015-3762].

A remote user can create a specially crafted DMG file that, when loaded by the target user, will trigger a memory corruption error in udf and execute arbitrary code with system privileges [CVE-2015-3767].

An anonymous researcher working (via HP's Zero Day Initiative), JieTao Yang of KeenTeam, Teddy Reed of Facebook Security, Roberto Paleari and Aristide Fattori of Emaze Networks, Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University), Trend Micro, mitp0sh of [PDX], M1x7e1 of Safeye Team (www.safeye.org), Mark S C Smith, Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team, beist of grayhash, Stefan Esser, Ian Beer of Google Project Zero, Ilja van Sprundel, Maxime VILLARD of m00nbsd, Jonathan Zdziarski, Andrew Pouliot of Facebook, Anto Loyola of Qubole, Joe Burnett of Audio Poison, Ryan Pentney and Richard Johnson of Cisco Talos, WalkerFuz, Haris Andrianakis of Google Security Team, [Eldon Ahrold], Adam Greenbaum of Refinitive, and Xiaoyong Wu of the Evernote Security Team reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can cause denial of service conditions on the target system.

A local user can obtain system privileges on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Apple has issued a fix for CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779 for QuickTime for Windows.

The Apple advisory is available at:

https://support.apple.com/en-us/HT205046

Vendor URL:  support.apple.com/en-us/HT205046 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, Resource error
Underlying OS:  Windows (7), Windows (Vista)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 14 2015 Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC