Apple OS X Multiple Vulnerabilities

Apple has issued a security update for Mac OS X, which fixes a weakness, a security issue, and some vulnerabilities.

1. The product bundles a vulnerable version of PHP.
2. An unspecified error related to Bluetooth can be exploited to execute arbitrary code with escalated privileges.
3. An boundary error within CoreGraphics can be exploited to cause an out-of-bounds memory read and e.g. disclose potentially sensitive information.
4. An integer overflow error within CoreGraphics can be exploited to execute arbitrary code via a specially crafted PDF file.
5. An error when handling XML external entities within NSXMLParser can be exploited to disclose potentially sensitive information.
6. Multiple unspecified errors within the Intel Graphics driver can be exploited to execute arbitrary code with escalated privileges.
7. A NULL pointer dereference error within IOAcceleratorFamily can be exploited to execute arbitrary code with escalated privileges.
8. A boundary error within IOAcceleratorFamily can be exploited to cause out-of-bounds memory read and execute arbitrary code with escalated privileges.
9. A boundary error within IOHIDFamily can be exploited to cause a out-of-bounds memory read and subsequently bypass ASLR protection.
10. An error related to handling of metadata fields in IODataQueue objects within IOKit can be exploited to execute arbitrary code with escalated privileges.
11. An integer overflow error within IOKit can be exploited to execute arbitrary code with escalated privileges.
12. An error related to CPU Global Descriptor Table can be exploited to bypass ASLR protection.
13. A boundary error within Libnotify can be exploited to cause an out-of-bounds memory write and execute arbitrary code with escalated privileges.
14. The product bundles a vulnerable version of OpenSSL.
15. A error when handling RLE encoded movies files within QT Media Foundation can be exploited to execute arbitrary code.
16. A error within QT Media Foundation can be exploited to cause a buffer overflow and execute arbitrary code via a specially crafted MIDI file.
17. A error when handling "mvhd" atoms within QT Media Foundation can be exploited to execute arbitrary code.
18. The product bundles a vulnerable version of libyaml.

The vulnerabilities #6, #7, #9 through #11, and #13 are identified in versions 10.8.5 and 10.9 through 10.9.4.

The vulnerabilities #4 and #14 through #17 are identified in versions 10.7.5, 10.8.5, and 10.9 through 10.9.4.