Apple OS X Multiple Vulnerabilities

Last Update Date: 25 Apr 2014
Release Date: 24 Apr 2014

RISK: High Risk

TYPE: Operating Systems - Mac OS

Multiple vulnerabilities have been identified in Apple OS X, which can be exploited to conduct security restriction bypass, manipulation of data, sensitive information disclosure, denial of service and remote code execution.

  1. A format string error exists when handling URLs within the CoreServicesUIAgent component, which can be exploited to execute arbitrary code.
  2. An error exists within the FontParser component.
  3. An error exists when handling ASN.1 data within the Heimdal Kerberos component, which can be exploited to cause an abort.
  4. A boundary error exists when handling JPEG images within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted JPEG image.
  5. An error exists when handling a pointer from userspace within the Intel Graphics Driver component, which can be exploited to cause memory corruption.
  6. An error exists in a bundled, vulnerable version of libyaml within the Ruby component.
  7. Another error exists within the Ruby component.
  8. An error exists when handling SSL within the Security - Secure Transport component, which can be exploited to potentially disclose certain data or manipulate certain session operations via a triple handshake attack.
  9. An error exists when handling WindowServer sessions within the WindowServer component, which can be exploited to bypass certain sandbox restrictions.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Versions 10.7.x, 10.8.x and 10.9.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Apply Security Update 2014-002.

Vulnerability Identifier


Source


Related Link