
Apple OS X Multiple Vulnerabilities

ID: IRCAD2015013723
Release Date: 2015-01-28
Criticality level: Highly critical
Software:
Apple Macintosh OS X
Description:
Apple has issued a security update for Mac OS X, which fixes multiple security issues and some vulnerabilities.
1) An error when handling a certain command in the AFP Server can be exploited to disclose all network addresses of a system.
2) Multiple errors exist in a bundled vulnerable version of bash.
3) An integer signedness error within IOBluetoothFamily can be exploited to execute arbitrary code with system privileges.
4) An error within IOBluetoothDevice can be exploited to execute arbitrary code with system privileges.
Successful exploitation of this vulnerability requires that a Bluetooth device is connected.
5) Some errors within the Bluetooth driver can be exploited to execute arbitrary code with system privileges.
6) An integer overflow error when handling PDF files within CoreGraphics can be exploited to execute arbitrary code via a specially crafted PDF file.
7) An error when handling EFI updates within CPU Software can be exploited to manipulate host firmware via a Thunderbolt device.
8) An error when handling App Store logs within CommerceKit Framework can be exploited to disclose Apple ID credentials.
9) An error exists when handling certain custom memory allocators.
10) A boundary error when handling PDF files within CoreGraphics can be exploited to execute arbitrary code via a specially crafted PDF file.
11) Some type confusion errors when handling XPC messages in CoreSymbolication can be exploited to execute arbitrary code with system privileges.
12) A boundary error when handling .dfont files within FontParser can be exploited to execute arbitrary code via a specially crafted .dfont file.
13) A boundary error when handling PDF files within FontParser can be exploited to execute arbitrary code via a specially crafted PDF file.
14) An error when handling XML files in the XML parser within Foundation can be exploited to cause a buffer overflow and subsequently execute arbitrary code via a specially crafted XML file.
15) Some boundary errors within Intel Graphics Driver can be exploited to execute arbitrary code with system privileges.
16) A NULL pointer dereference error when handling certain IOService userclient types in IntelAccelerator within IOAcceleratorFamily can be exploited to execute arbitrary code with system privileges.
17) A boundary error within IOHIDFamily can be exploited to execute arbitrary code with system privileges.
18) An error when handling resource queue metadata within IOHIDFamily can be exploited to execute arbitrary code with system privileges.
19) An error when handling event queues within IOHIDFamily can be exploited to execute arbitrary code with system privileges.
20) A boundary error in a user client vended by the IOHIDFamily driver can be exploited to execute arbitrary code within the kernel.
21) An integer overflow error when handling IOKit API arguments within IOKit can be exploited to execute arbitrary code with system privileges.
22) An error when handling custom cache mode within Kernel can be exploited to write to kernel read-only shared memory segments and subsequently execute arbitrary code with system privileges.
23) An error when handling certain metadata fields of IODataQueue objects within Kernel can be exploited to execute arbitrary code with system privileges.
24) Some errors when handling identitysvc validation of the directory service resolving process, flag handling, and error handling within Kernel can be exploited to spoof directory service responses or gain elevated privileges.
25) An error exists when handling IPv6 ICMP packets within Kernel.
26) An error when handling certain metadata fields of IOSharedDataQueue objects within Kernel can be exploited to execute arbitrary code with system privileges.
27) An error when handling JAR files during application launches within LaunchServices can be exploited to bypass certain Gatekeeper checks and subsequently execute otherwise restricted code via a specially crafted JAR file.
28) Some type confusion errors when handling interprocess communication in networkd within libnetcore can be exploited to execute arbitrary code with the privileges of the networkd user by sending a specially crafted message.
29) An error exists when parsing redirect URLs within lukemftp.
30) Multiple errors exist within a bundled vulnerable version of OpenSSL.
31) A design error when caching sandbox profiles within Sandbox can be exploited to gain otherwise restricted write access to the cache and subsequently bypass certain sandbox restrictions.
32) An error when handling Collada files within SceneKit can be exploited to execute arbitrary code.
33) An error when evaluating application certificate information within Security can be exploited to bypass certain Gatekeeper restrictions via a revoked Developer ID certificate.
34) An error when handling access control in the Keychain within security_taskgate can be exploited to access otherwise restricted keychain items of other applications.
35) An error when handling Mail's "Load remote content in messages" setting within Spotlight can be exploited to disclose the IP address of the email recipient to the sender.
36) An error when handling deserialisation related to permission caches within SpotlightIndex can be exploited to disclose results belonging to another user.
37) A type confusion error within sysmond can be exploited to execute arbitrary code with root privileges.
The security issues and vulnerabilities are reported in versions 10.8.5, 10.9.5, 10.10, and 10.10.1 (please see the vendor's advisory for details about affected versions per vulnerability).
Solution:
Apply Security Update 2015-001 or update to version 10.10.2.
References:
APPLE-SA-2015-01-27-4:
Ian Beer:
Amplia:
ZDI:
Secunia:

Created: 14 Bahman 1393
