Apple OS X Multiple Vulnerabilities

IRCAD2014043268

Number: IRCAD2014043268
Date: 2014/04/23

Criticality level: Highly critical

 
Software:

Apple Macintosh OS X

Description

Apple has issued a security update for Mac OS X, which fixes a weakness and multiple vulnerabilities.

1) A format string error exists when handling URLs within the CoreServicesUIAgent component, which can be exploited to execute arbitrary code.

2) An error exists within the FontParser component.

This vulnerability is reported in version 10.8.5.

3) An error exists when handling ASN.1 data within the Heimdal Kerberos component, which can be exploited to cause an abort.

4) A boundary error exists when handling JPEG images within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted JPEG image.

5) An error exists when handling a pointer from userspace within the Intel Graphics Driver component, which can be exploited to cause memory corruption.

6) An error exists in a bundled, vulnerable version of libyaml within the Ruby component.

The vulnerabilities #1, #3, #4, and #6 are reported in version 10.9.2.

7) Another error exists within the Ruby component.

Successful exploitation of the vulnerabilities #2 and #4 through #7 may allow execution of arbitrary code.

This vulnerability is reported in versions 10.7.5, 10.8.5, and 10.9.2.

8) An error exists when handling SSL within the Security - Secure Transport component, which can be exploited to potentially disclose certain data or manipulate certain session operations via a triple handshake attack.

9) An error exists when handling WindowServer sessions within the WindowServer component, which can be exploited to bypass certain sandbox restrictions.

The weakness #8 and the vulnerabilities #5 and #9 are reported in versions 10.8.5 and 10.9.2.

Solution:

Apply Security Update 2014-002.

Resources:

APPLE-SA-2014-04-22-1:

Secunia:
 

 
Creation date: 6 Ordibehesht 1393
