SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
SecurityTracker Alert ID:  1033929
SecurityTracker URL:  http://securitytracker.com/id/1033929
CVE Reference:   CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-6974, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6979, CVE-2015-6980, CVE-2015-6981, CVE-2015-6982, CVE-2015-6983, CVE-2015-6986, CVE-2015-6988, CVE-2015-6989, CVE-2015-6990, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6994, CVE-2015-6995, CVE-2015-6996, CVE-2015-6997, CVE-2015-6999, CVE-2015-7000, CVE-2015-7002, CVE-2015-7004, CVE-2015-7005, CVE-2015-7006, CVE-2015-7008, CVE-2015-7009, CVE-2015-7012, CVE-2015-7014, CVE-2015-7015, CVE-2015-7017, CVE-2015-7022, CVE-2015-7023, CVE-2015-7024   (Links to External Site)
Updated:  Feb 11 2016
Original Entry Date:  Oct 22 2015
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.9.5, 10.10.5, 10.11
Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can modify data on the target system. A local user can obtain elevated privileges on the target system. An application can modify files on the target system. An application can gain elevated privileges.

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a memory corruption error in the Accelerate Framework in multi-threading mode and execute arbitrary code on the target user's system [CVE-2015-5940].

A remote user can create a specially CPIO archive that, when unpacked by the target user, will execute arbitrary code on the target user's system [CVE-2015-7006].

A remote user can create a specially crafted website that, when loaded by the target user, will overwrite cookies on the target user's system [CVE-2015-7023].

An application can trigger a heap overflow in the DNS client library to gain elevated privileges [CVE-2015-7015].

A remote user can create a specially crafted website that, when loaded by the target user, will trigger a memory corruption error in CoreGraphics and execute arbitrary code on the target user's system [CVE-2015-5925, CVE-2015-5926].

A remote user can create a specially crafted font that, when loaded by the target user, will trigger a memory corruption error in CoreText and execute arbitrary code on the target user's system [CVE-2015-6975, CVE-2015-6992, CVE-2015-7017].

An application can trigger a memory corruption error in the parsing of disk images to execute arbitrary code with system privileges [CVE-2015-6995].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in FontParser and execute arbitrary code on the target user's system [CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018].

An application can trigger a memory corruption error in GasGauge to execute arbitrary code with kernel privileges [CVE-2015-6979].

A remote user can create a specially crafted package that, when loaded by the target user, will trigger a memory corruption error in Grand Central Dispatch and execute arbitrary code on the target user's system [CVE-2015-6989].

An application can trigger a type confusion issue existed in AppleVXD393 to execute arbitrary code with kernel privileges [CVE-2015-6986].

A remote user can create a specially crafted image file that, when loaded by the target user, will trigger a memory corruption error in the parsing of image metadata and execute arbitrary code on the target user's system [CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939].

An application can trigger a memory corruption error in IOAcceleratorFamily to execute arbitrary code with system privileges [CVE-2015-6996].

An application can trigger a memory corruption error in the kernel to execute arbitrary code with kernel privileges [CVE-2015-6974].

An application can trigger an input validation flaw in the kernel and cause denial of service conditions [CVE-2015-7004].

A remote user in a privileged network position can trigger an uninitialized memory error in the kernel to execute arbitrary code on the target system [CVE-2015-6988].

An application can trigger a virtual memory reuse error and cause denial of service conditions [CVE-2015-6994].

The system does not immediately apply configuration changes when the "Show on Lock Screen" setting is turned off for Phone or Messages. A physically local user can view Phone and Messages notifications on the lock screen [CVE-2015-7000].

A remote user can create a specially crafted website that, when loaded by the target user, will trigger a memory corruption error in OpenGL and execute arbitrary code on the target user's system [CVE-2015-5924].

An application can trigger a double-free memory error in the processing of AtomicBufferedFile descriptors to overwrite arbitrary files [CVE-2015-6983].

A validation flaw may occur in the OCSP client [CVE-2015-6999]. A user may be able to cause a revoked certificate appear to be valid.

The kSecRevocationRequirePositiveResponse flag was not implemented [CVE-2015-6997]. A trust evaluation to etermine revocation status may succeed if revocation checking fails.

An application can query phone call status to obtain potentially sensitive information [CVE-2015-7022].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a memory corruption flaw in WebKit and execute arbitrary code on the target user's system [CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-6981, CVE-2015-6982, CVE-2015-7002, CVE-2015-7005, CVE-2015-7012, CVE-2015-7014].

A local user can exploit an authentication flaw in Directory Utility in the establishment of new sessions to execute arbitrary code with root privileges [CVE-2015-6980].

Some Apple-signed executables load applications from relative locations [CVE-2015-7024]. A local user can exploit this to cause an Apple-signed executable binary to load arbitrary files.

Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International
Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley (via CERT/CC), Marvin Scholz, Mark Dowd at Azimuth Security, PanguTeam, John Villamil (@day6reak) of Yahoo Pentest Team,
Ian Beer of Google Project Zero, Jaanus Kp of Clarified Security (via HP's Zero Day Initiative), Proteas of Qihoo 360 Nirvan Team, Luca Todesco (@qwertyoruiop), Sergi Alvarez (pancake) of NowSecure Research Team, The Brainy Code Scanner (m00nbsd), Mark Mentovai of Google Inc., William Redwood of Hampton School, Andreas Kurtz of NESO Security Labs, Michael of Westside Community Schools, Patrick Wardle of Synack,
and David Benjamin, Greg Kerr, Mark Mentovai, and Sergey Ulanov from the Chrome Team reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can modify data on the target system.

A local user can obtain elevated privileges on the target system.

An application can gain elevated privileges on the target system.

An application can modify files on the target system.

Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://support.apple.com/en-us/HT205375

Vendor URL:  support.apple.com/en-us/HT205375 (Links to External Site)
Cause:   Access control error, Boundary error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 22 2015 (Apple Issues Fix for Apple iOS) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple iOS.
Oct 22 2015 (Apple Issues Fix for Apple Watch) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Watch.
Oct 22 2015 (Apple Issues Fix for Apple Safari) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Safari.
Oct 22 2015 (Apple Issues Fix for Apple iTunes) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple iTunes.
Dec 9 2015 (Apple Issues Fix for Apple Watch) Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Watch.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC