This issue was addressed through improved bounds checking.ĬVE-2014-1373 : Ian Beer of Google Project Zero Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: A validation issue existed in the handling of an OpenGL API call.
This issue was addressed by disallowing logging of credentials. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. Impact: An attacker with access to a system may be able to recover Apple ID credentialsĭescription: An issue existed in the handling of iBooks logs. This issue was addressed through improved bounds checking.ĬVE-2014-1372 : Ian Beer of Google Project Zero Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomizationĭescription: An out-of-bounds read issue existed in the handling of a system call. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.ĬVE-2014-1371 : an anonymous researcher working with HP's Zero Day InitiativeĪvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictionsĭescription: An unvalidated array index issue existed in the Dock’s handling of messages from applications. Impact: A remote attacker may be able to gain access to another user's sessionĭescription: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. This issue was addressed through improved bounds checking.ĬVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCPĪvailable for: OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code executionĭescription: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. The complete list of certificates may be viewed at.
Impact: Update to the certificate trust policyĭescription: The certificate trust policy was updated. Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
0 kommentar(er)
