Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files

Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved bounds checking.

Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in the handling of file names.

Impact: An unprivileged user may change the system clock

Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock. This issue was addressed by restoring missing validation steps.

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue does not affect systems prior to OS X Mavericks v10.9.

CVE-2014-1263 : Roland Moriz of Moriz GmbH

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue is addressed through improved bounds checking.

CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs

Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution

Description: A signedness issue existed in CoreText in the handling of Unicode fonts.

Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow existed in CoreAnimation's handling of images.
This issue does not affect systems running OS X Mavericks 10.9 or later.

CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett

This issue was addressed through improved handling of session cookies.

Impact: Session cookies may persist even after resetting Safari

Description: Resetting Safari did not always delete session cookies until Safari was closed. The complete list of recognized system roots may be viewed via the Keychain Access application.

Impact: Root certificates have been updated

Description: The set of system root certificates has been updated. This issue was addressed by additional bounds checking.

CVE-2014-1256 : Meder Kydyraliev of the Google Security Team

This issue was addressed through additional validation of Mach messages.

CVE-2014-1255 : Meder Kydyraliev of the Google Security Team

Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking.

CVE-2014-1262 : Meder Kydyraliev of the Google Security Team

Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking.

CVE-2014-1254 : Felix Groebert of the Google Security Team

Available for: OS X Mavericks 10.9 and 10.9.1

Description: A memory corruption issue existed in the handling of Mach messages passed to ATS.

Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

Description: A memory corruption issue existed in the handling of Type 1 fonts. This issue does not affect systems running OS X Mavericks 10.9 or later.

CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

This issue was addressed by preventing sandboxed applications from specifying arguments.

A compromised sandboxed application could abuse this to bypass the sandbox.
These issues were addressed by updating Apache to version 2.2.26.

Available for: OS X Mountain Lion v10.8.5

Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process.

Impact: Multiple vulnerabilities in Apache

Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting.

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1