SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1033703
SecurityTracker URL:  http://securitytracker.com/id/1033703
CVE Reference:   CVE-2013-3951, CVE-2014-9709, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-5522, CVE-2015-5523, CVE-2015-5830, CVE-2015-5833, CVE-2015-5836, CVE-2015-5849, CVE-2015-5853, CVE-2015-5854, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5875, CVE-2015-5877, CVE-2015-5878, CVE-2015-5881, CVE-2015-5883, CVE-2015-5884, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5897, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922, CVE-2015-7760
Updated:  Dec 11 2016
Original Entry Date:  Oct 1 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 10.11
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A remote or local user can obtain potentially sensitive information. A local user can obtain elevated privileges on the target system. A remote user can execute arbitrary code on the target system.

A local user can exploit a flaw in Address Book in the processing of an environment variable to inject arbitrary code into processes loading the Address Book framework [CVE-2015-5897].

A remote user with the ability to monitor the network can exploit a flaw in the processing of eSCL packets to extract a payload [CVE-2015-5853].

An application can exploit an access control flaw to access the target user's keychain items [CVE-2015-5836].

A remote authenticated user connected via screen sharing can send Apple Events to the target user's session [CVE-2015-5849].

An application can exploit a flaw in the protected range register to prevent some systems from booting [CVE-2015-5900].

A physically local user with a connected Apple Ethernet Thunderbolt adapter can modify the firmware on the target system during an EFI update [CVE-2015-5914].

The "Secure Empty Trash" feature may not securely delete files on flash storage placed in the Trash [CVE-2015-5901].

A local user can exploit a Kerberos authentication flaw to replay Kerberos credentials to the target SMB server [CVE-2015-5913].

Some vulnerabilities in ICU have unspecified impact [CVE-2015-5922].

A local user can exploit a flaw in the Install private framework to gain root privileges [CVE-2015-5888].

A local user can trigger memory corruption errors in the Intel Graphics Driver to execute arbitrary code with system privileges [CVE-2015-5830, CVE-2015-5877].

A local user can exploit a flaw in IOAudioFamily to determine kernel memory layout [CVE-2015-5864].

A local user can trigger a memory corruption error in IOGraphics to execute arbitrary code with kernel privileges [CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5890].

A local user can exploit a flaw in IOGraphics to determine kernel memory layout [CVE-2015-5865].

An application can exploit a flaw in IOHIDFamily to execute arbitrary code with system privileges [CVE-2015-5866].

A local user can exploit a flaw in kernel debugging interfaces to determine kernel memory layout [CVE-2015-5870].

A local user can exploit a state management flaw in kernel debugging to cause denial of service conditions on the target system [CVE-2015-5902].

A remote user can establish multiple SSH connections to cause denial of service conditions on the target system [CVE-2015-5881].

The screen lock may fail to engage [CVE-2015-5833].

A remote user can exploit a glob processing flaw in tnftpd to cause denial of service conditions on the target FTP server [CVE-2015-5917].

A user can obtain potentially sensitive information when the target user prints an email [CVE-2015-5881].

A remote user that can monitor the network can intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop [CVE-2015-5884].

A local user can exploit a link parsing flaw in the Notes application to obtain potentially sensitive information [CVE-2015-5878].

A local user can conduct a cross-site scripting attack via the Notes application to obtain potentially sensitive information [CVE-2015-5875].

A local user can exploit a flaw in the processing of environment variables in rsh to execute arbitrary code with root privileges [CVE-2015-5889].

The system may display the incorrect lock state of the keychain [CVE-2015-5915].

The system does not enforce the kSecRevocationRequirePositiveResponse flag [CVE-2015-5894]. As a result, a revocation check may fail to detect a certificate revocation.

A remote user (server) can issue a CertificateRequest message before the ServerKeyExchange message to obtain the target certificate [CVE-2015-5887].

A local user can trigger a memory corruption flaw to execute arbitrary code with kernel privileges [CVE-2015-5891].

A local user can exploit a flaw in SMBClient to determine kernel memory layout [CVE-2015-5893].

A user can exploit vulnerabilities in SQLite [CVE-2015-3414, CVE-2015-3415, CVE-2015-3416].

A local user can exploit a flaw in Continuity to place phone calls without the target user's knowledge [CVE-2015-3785].

A remote user can supply specially crafted text containing bidirectional override characters via Terminal to mislead the target user [CVE-2015-5883].

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2015-5522, CVE-2015-5523].

A local user can exploit a flaw in backups in the Time Machine framework to gain access to keychain items [CVE-2015-5854].

A remote user can repeatedly connect to the SSH port to cause libxpc to consume excessive resources on the target system [CVE-2015-7760].

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, Dan Bastone of Gotham Digital Science, an anonymous researcher, XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University, Jack Lawrence (@_jackhl), Xeno Kovah and Corey Kallenberg from LegbaCore, Trammell Hudson of Two Sigma Investments, snare, Tarun Chopra of Microsoft Corporation, U.S., Yu Fan of Microsoft Corporation, China, Yuki MIZUNO (@mzyy94), Camillus Gerard Cai, Luca Todesco, Ilja van Sprundel of IOActive, Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, Maksymilian Arciemowicz of cxsecurity.com, Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners, John McCombs of Integrated Mapping Ltd, Craig Young of Tripwire VERT, xisigr of Tencent's Xuanwu LAB (www.tencent.com), Philip Pettersson, Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Hannes Oud of kWallet GmbH, Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute, Fernando Munoz of NULLGroup.com, and Jonas Magazinius of Assured AB reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local or remote user can obtain potentially sensitive information on the target system.

A local user can obtain elevated privileges on the target system.

A remote user can execute arbitrary code on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (10.11).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT205267

Vendor URL:  support.apple.com/en-us/HT205267
Cause:   Access control error, Authentication error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 23 2017 (Apple Issues Fix for Apple iTunes) Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges
Apple has issued a fix for Apple iTunes.



Copyright 2018, SecurityGlobal.net LLC