![]() This issue was addressed through improved bounds checking.ĬVE-2014-1359 : Ian Beer of Google Project Zeroĭescription: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through additional validation of IOKit API arguments.ĬVE-2014-1355 : cunzhang from Adlab of Venustechĭescription: An integer underflow existed in launchd. Impact: A local user could cause an unexpected system restartĭescription: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed by using a unique ID instead of a pointer. This issue was addressed through improved bounds checking.ĬVE-2014-1377 : Ian Beer of Google Project Zeroĭescription: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed through improved bounds checking.ĬVE-2014-1376 : Ian Beer of Google Project Zeroĭescription: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed by removing the pointer from the object.ĭescription: A validation issue existed in the handling of an OpenCL API call. Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomizationĭescription: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed through improved bounds checking.ĬVE-2014-1373 : Ian Beer of Google Project Zero Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: A validation issue existed in the handling of an OpenGL API call. This issue was addressed by disallowing logging of credentials. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. Impact: An attacker with access to a system may be able to recover Apple ID credentialsĭescription: An issue existed in the handling of iBooks logs. This issue was addressed through improved bounds checking.ĬVE-2014-1372 : Ian Beer of Google Project Zero Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomizationĭescription: An out-of-bounds read issue existed in the handling of a system call. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.ĬVE-2014-1371 : an anonymous researcher working with HP's Zero Day InitiativeĪvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictionsĭescription: An unvalidated array index issue existed in the Dock’s handling of messages from applications. Impact: A remote attacker may be able to gain access to another user's sessionĭescription: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. This issue was addressed through improved bounds checking.ĬVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCPĪvailable for: OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code executionĭescription: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. The complete list of certificates may be viewed at. Impact: Update to the certificate trust policyĭescription: The certificate trust policy was updated. Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |