Skip to main content

Apple OS X Multiple Vulnerabilities

Last Update Date: 19 Sep 2014 16:36 Release Date: 19 Sep 2014 4029 Views

RISK: Medium Risk

TYPE: Operating Systems - Mac OS

TYPE: Mac OS

Apple has issued a security update for Mac OS X, which fixes a weakness, a security issue, and some vulnerabilities.

  1. The product bundles a vulnerable version of PHP.
  2. An unspecified error related to Bluetooth can be exploited to execute arbitrary code with escalated privileges.
  3. An boundary error within CoreGraphics can be exploited to cause an out-of-bounds memory read and e.g. disclose potentially sensitive information.
  4. An integer overflow error within CoreGraphics can be exploited to execute arbitrary code via a specially crafted PDF file.
  5. An error when handling XML external entities within NSXMLParser can be exploited to disclose potentially sensitive information.
  6. Multiple unspecified errors within the Intel Graphics driver can be exploited to execute arbitrary code with escalated privileges.
  7. A NULL pointer dereference error within IOAcceleratorFamily can be exploited to execute arbitrary code with escalated privileges.
  8. A boundary error within IOAcceleratorFamily can be exploited to cause out-of-bounds memory read and execute arbitrary code with escalated privileges.
  9. A boundary error within IOHIDFamily can be exploited to cause a out-of-bounds memory read and subsequently bypass ASLR protection.
  10. An error related to handling of metadata fields in IODataQueue objects within IOKit can be exploited to execute arbitrary code with escalated privileges.
  11. An integer overflow error within IOKit can be exploited to execute arbitrary code with escalated privileges.
  12. An error related to CPU Global Descriptor Table can be exploited to bypass ASLR protection.
  13. A boundary error within Libnotify can be exploited to cause an out-of-bounds memory write and execute arbitrary code with escalated privileges.
  14. The product bundles a vulnerable version of OpenSSL.
  15. A error when handling RLE encoded movies files within QT Media Foundation can be exploited to execute arbitrary code.
  16. A error within QT Media Foundation can be exploited to cause a buffer overflow and execute arbitrary code via a specially crafted MIDI file.
  17. A error when handling "mvhd" atoms within QT Media Foundation can be exploited to execute arbitrary code.
  18. The product bundles a vulnerable version of libyaml.

The vulnerabilities #6, #7, #9 through #11, and #13 are identified in versions 10.8.5 and 10.9 through 10.9.4.

The vulnerabilities #4 and #14 through #17 are identified in versions 10.7.5, 10.8.5, and 10.9 through 10.9.4.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • The vulnerabilities #4 and #14 through #17 are identified in versions 10.7.5, 10.8.5, and 10.9 through 10.9.4.
  • The vulnerabilities #1 through #3, #5, #8, #12, and #18 are identified in versions 10.9 through 10.9.4.

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 10.9.5 or apply Security Update 2014-004

Vulnerability Identifier


Source


Related Link