Apple Mac OS X Multiple Vulnerabilities

Secunia Advisory SA53684
Release Date 2013-06-05



Criticality level: Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
DoS
System access
Where: From remote

Solution Status: Vendor Patch


Description

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error exits within the CFNetwork component when handling permanent cookies and can be exploited to gain access to previously accessed sites even if Private Browsing was used.

2) A boundary error within the CoreAnimation component when handling text glyphs can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted URL in Safari.

3) An error within the CoreMedia Playback component when handling text tracks can be exploited to reference uninitialized memory via a specially crafted movie file.

4) A boundary error within the "DSTCPEndpoint::AllocFromProxyStruct()" function (DSTCPEndpoint.cpp) in the Directory Service component when handling messages from the network and can be exploited to cause a buffer overflow by sending specially crafted messages.

5) An error within the Disk Management component does not properly verify permissions and can be exploited by local users to disable FileVault.

6) Some errors exist due to a bundled vulnerable version of OpenSSL.

For more information:
SA44572
SA45781
SA47426
SA47631
SA48847
SA49116

7) A boundary error within the QuickDraw Manager component when parsing PICT images can be exploited to cause a buffer overflow.

8) Some errors exist in the bundled version of QuickTime.

For more information:
SA53520

9) Some errors exist in the bundled version of Ruby on Rails.

For more information:
SA51753
SA52112
SA51938
SA52656

10) An error within SMB does not properly check for access control and can be exploited to write files outside the shared directory.

Successful exploitation of vulnerabilities #2, #3, #4, and #7 may allow execution of arbitrary code.

The vulnerabilities are reported in versions Snow Leopard (10.6), Lion (10.7), and Mountain Lion (10.8).

Solution
Update to version 10.8.4 or apply Security Update 2013-002.

Bollettino di Sicurezza

Apple OS X Multiple Vulnerabilities

Where:From remote

Impact:Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access

Solution Status:Vendor Patch


Description

Apple has issued a security update for Mac OS X, which fixes two security issues and multiple vulnerabilities.

1) A boundary error in the copyfile component when handling AppleDouble files within ZIP archives can be exploited to execute arbitrary code via a specially crafted ZIP archive.

2) An error exists in cURL.

For more information:
SA56728

3) An array indexing error when handling messages within the Dock component can be exploited to dereference an invalid pointer and subsequently bypass certain sandbox restrictions via a specially crafted Dock message.

4) An error when handling system calls within the Graphics Driver component can be exploited to disclose kernel memory.

5) An error when handling the logging of Apple ID credentials in iBooks logs within the iBooks Commerce component can be exploited to gain access to otherwise restricted Apple ID credentials.

6) A boundary error when handling OpenCL API calls within the Intel Graphics Driver component can be exploited to execute arbitrary code with system privileges.

7) A boundary error when handling OpenCL API calls within the Intel Compute component can be exploited to execute arbitrary code with system privileges.

8) An array indexing error within the IOAcceleratorFamily component can be exploited to execute arbitrary code with system privileges.

9) A NULL pointer dereference error when handling IOKit API arguments within the IOReporting component can be exploited to cause a restart.

10) An integer underflow error within the launchd component can be exploited to execute arbitrary code with system privileges.

11) A boundary error when handling IPC messages within the launchd component can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code with system privileges.

12) A boundary error when handling log messages within the launchd component can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code with system privileges.

13) An integer overflow error within the launchd component can be exploited to execute arbitrary code with system privileges.

14) Some NULL pointer dereference errors within the Graphics Drivers component can be exploited to execute arbitrary code with system privileges.

15) An error when handling DTLS connections can be exploited to disclose two bytes of memory via specially crafted messages.

16) A boundary error when handling IOThunderBoltController API calls within the Thunderbolt component can be exploited to execute arbitrary code with system privileges.

Please see the vendor's advisory for a list of affected versions.

Solution:
Update to version 10.9.4 or apply Security Update 2014-003 (please see the vendor's advisory for details).

Apple OS X Multiple Vulnerabilities



Where:From remote

Impact:Security Bypass, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access

Solution Status:Vendor Patch


The security issues and vulnerabilities are reported in versions 10.8.5, 10.9.5, 10.10, and 10.10.1 (please see the vendor's advisory for details about affected versions per vulnerability).

Solution:
Apply Security Update 2015-001 or update to version 10.10.2.

Apple OS X Multiple Vulnerabilities

Criticality level:Moderately critical

Where:From remote

Impactrivilege escalation, System access

Solution Status:Vendor Patch

Operating System:Apple Macintosh OS X

CVE Reference(s):

CVE-2015-1061

CVE-2015-1065


Description

Apple has issued a security update for Mac OS X, which fixes some vulnerabilities.


1) Some boundary errors when handling data during iCloud Keychain recovery can be exploited to cause buffer overflows.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

The vulnerabilities are reported in version 10.10.2.

Solution:
Apply Security Update 2015-003.

Provided and/or discovered by:
1) The vendor credits Andrey Belenko, NowSecure.

https://support.apple.com/en-us/HT204563