Apple OS X Multiple Vulnerabilities
Last Update Date: 19 Sep 2014 16:36
Release Date: 19 Sep 2014
RISK: Medium Risk
TYPE: Operating Systems - Mac OS
Apple has issued a security update for Mac OS X, which fixes a weakness, a security issue, and some vulnerabilities.
1. The product bundles a vulnerable version of PHP.
2. An unspecified error related to Bluetooth can be exploited to execute arbitrary code with escalated privileges.
3. A boundary error within CoreGraphics can be exploited to cause an out-of-bounds memory read and, e.g., disclose potentially sensitive information.
4. An integer overflow error within CoreGraphics can be exploited to execute arbitrary code via a specially crafted PDF file.
5. An error when handling XML external entities within NSXMLParser can be exploited to disclose potentially sensitive information.
6. Multiple unspecified errors within the Intel Graphics driver can be exploited to execute arbitrary code with escalated privileges.
7. A NULL pointer dereference error within IOAcceleratorFamily can be exploited to execute arbitrary code with escalated privileges.
8. A boundary error within IOAcceleratorFamily can be exploited to cause an out-of-bounds memory read and execute arbitrary code with escalated privileges.
9. A boundary error within IOHIDFamily can be exploited to cause an out-of-bounds memory read and subsequently bypass ASLR protection.
10. An error related to handling of metadata fields in IODataQueue objects within IOKit can be exploited to execute arbitrary code with escalated privileges.
11. An integer overflow error within IOKit can be exploited to execute arbitrary code with escalated privileges.
12. An error related to the CPU Global Descriptor Table can be exploited to bypass ASLR protection.
13. A boundary error within Libnotify can be exploited to cause an out-of-bounds memory write and execute arbitrary code with escalated privileges.
14. The product bundles a vulnerable version of OpenSSL.
15. An error when handling RLE-encoded movie files within QT Media Foundation can be exploited to execute arbitrary code.
16. An error within QT Media Foundation can be exploited to cause a buffer overflow and execute arbitrary code via a specially crafted MIDI file.
17. An error when handling "mvhd" atoms within QT Media Foundation can be exploited to execute arbitrary code.
18. The product bundles a vulnerable version of libyaml.
The vulnerabilities #6, #7, #9 through #11, and #13 are identified in versions 10.8.5 and 10.9 through 10.9.4.
The vulnerabilities #4 and #14 through #17 are identified in versions 10.7.5, 10.8.5, and 10.9 through 10.9.4.
Impact
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- The vulnerabilities #4 and #14 through #17 are identified in versions 10.7.5, 10.8.5, and 10.9 through 10.9.4.
- The vulnerabilities #1 through #3, #5, #8, #12, and #18 are identified in versions 10.9 through 10.9.4.
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 10.9.5 or apply Security Update 2014-004
Vulnerability Identifier
- CVE-2013-7345
- CVE-2014-0076
- CVE-2014-0195
- CVE-2014-0207
- CVE-2014-0221
- CVE-2014-0224
- CVE-2014-0237
- CVE-2014-0238
- CVE-2014-1391
- CVE-2014-1943
- CVE-2014-2270
- CVE-2014-3470
- CVE-2014-3478
- CVE-2014-3479
- CVE-2014-3480
- CVE-2014-3487
- CVE-2014-3515
- CVE-2014-4049
- CVE-2014-4374
- CVE-2014-4376
- CVE-2014-4377
- CVE-2014-4378
- CVE-2014-4379
- CVE-2014-4381
- CVE-2014-4388
- CVE-2014-4389
- CVE-2014-4390
- CVE-2014-4394
- CVE-2014-4395
- CVE-2014-4396
- CVE-2014-4397
- CVE-2014-4398
- CVE-2014-4399
- CVE-2014-4400
- CVE-2014-4401
- CVE-2014-4402
- CVE-2014-4416