ID CVE-2014-1373 Type cve Reporter cve@mitre.org Modified 2015-11-20T16:10:00
Description
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
{"openvas": [{"lastseen": "2019-05-29T18:37:33", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-03-19T00:00:00", "published": "2014-09-19T00:00:00", "id": "OPENVAS:1361412562310804847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804847", "title": "Apple Mac OS X Multiple Vulnerabilities -02 Sep14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln02_sep14.nasl 14304 2019-03-19 09:10:40Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities -02 Sep14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804847\");\n script_version(\"$Revision: 14304 $\");\n script_cve_id(\"CVE-2014-1372\", \"CVE-2014-1373\", \"CVE-2014-1376\", \"CVE-2014-1377\",\n \"CVE-2014-1379\", \"CVE-2014-1361\");\n script_bugtraq_id(68272, 68272, 68272, 68272, 68272, 68274);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 10:10:40 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-19 11:51:15 +0530 (Fri, 19 Sep 2014)\");\n\n script_name(\"Apple Mac OS X Multiple Vulnerabilities -02 Sep14\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An out-of-bounds read error in the handling of a system call.\n\n - A validation error in the handling of an OpenGL API call.\n\n - A validation error in the handling of an OpenCL API call.\n\n - An array indexing error in IOAcceleratorFamily.\n\n - Multiple null dereference errors in kernel graphics drivers.\n\n - An uninitialized memory access error in the handling of DTLS messages in a\n TLS connection.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass security restrictions, disclose sensitive information,\n compromise the affected system and conduct privilege escalation.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.8.x through\n 10.8.5 and 10.9.x before 10.9.4\");\n\n script_tag(name:\"solution\", value:\"Run Mac Updates. Please see the references for more information.\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1338\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6296\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1030505\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[89]\\.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.9.0\", test_version2:\"10.9.3\")||\n version_in_range(version:osVer, test_version:\"10.8.0\", test_version2:\"10.8.5\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:22:00", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-003 applied. This update contains several security-related fixes for the following components :\n\n - copyfile\n - Dock\n - Graphics Driver\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could result in arbitrary code execution.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2014-003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76318", "published": "2014-07-01T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2014-003)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76318);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1361\",\n \"CVE-2014-1370\",\n \"CVE-2014-1371\",\n \"CVE-2014-1372\",\n \"CVE-2014-1373\",\n \"CVE-2014-1376\",\n \"CVE-2014-1377\",\n \"CVE-2014-1379\"\n );\n script_bugtraq_id(\n 68272,\n 68274\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-06-30-2\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2014-003)\");\n script_summary(english:\"Check for the presence of Security Update 2014-003.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7 or 10.8 that\ndoes not have Security Update 2014-003 applied. This update contains\nseveral security-related fixes for the following components :\n\n - copyfile\n - Dock\n - Graphics Driver\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203015\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532600/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2014-003 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = '2014-003';\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:'-');\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\nelse if (\"Mac OS X 10.7\" >< os && !ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.7.5.\");\nelse if (\"Mac OS X 10.8\" >< os && !ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Mountain Lion later than 10.8.5.\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:00", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.4. This update contains several security-related fixes for the following components :\n\n - Certificate Trust Policy\n - copyfile\n - curl\n - Dock\n - Graphics Driver\n - iBooks Commerce\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - IOReporting\n - Keychain\n - launchd\n - Secure Transport\n - Thunderbolt\n\nNote that successful exploitation of the most serious issues could result in arbitrary code execution.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_9_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76317", "published": "2014-07-01T00:00:00", "title": "Mac OS X 10.9.x < 10.9.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76317);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-0015\",\n \"CVE-2014-1317\",\n \"CVE-2014-1355\",\n \"CVE-2014-1356\",\n \"CVE-2014-1357\",\n \"CVE-2014-1358\",\n \"CVE-2014-1359\",\n \"CVE-2014-1361\",\n \"CVE-2014-1370\",\n \"CVE-2014-1371\",\n \"CVE-2014-1372\",\n \"CVE-2014-1373\",\n \"CVE-2014-1375\",\n \"CVE-2014-1376\",\n \"CVE-2014-1377\",\n \"CVE-2014-1378\",\n \"CVE-2014-1379\",\n \"CVE-2014-1380\",\n \"CVE-2014-1381\"\n );\n script_bugtraq_id(65270, 68272, 68274);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-06-30-2\");\n\n script_name(english:\"Mac OS X 10.9.x < 10.9.4 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a certificate\nvalidation weakness.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.4. This update contains several security-related fixes for the\nfollowing components :\n\n - Certificate Trust Policy\n - copyfile\n - curl\n - Dock\n - Graphics Driver\n - iBooks Commerce\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - IOReporting\n - Keychain\n - launchd\n - Secure Transport\n - Thunderbolt\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6296\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532600/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.9.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9])+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.9([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\", \"Mac OS X \"+version);\n\nfixed_version = \"10.9.4\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update\r\n2014-003\r\n\r\nOS X Mavericks 10.9.4 and Security Update 2014-003 are now available\r\nand address the following:\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at\r\nhttp://support.apple.com/kb/HT6005.\r\n\r\ncopyfile\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: Opening a maliciously crafted zip file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of AppleDouble files in zip archives. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP\r\n\r\ncurl\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A remote attacker may be able to gain access to another\r\nuser's session\r\nDescription: cURL re-used NTLM connections when more than one\r\nauthentication method was enabled, which allowed an attacker to gain\r\naccess to another user's session.\r\nCVE-ID\r\nCVE-2014-0015\r\n\r\nDock\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: A sandboxed application may be able to circumvent sandbox\r\nrestrictions\r\nDescription: An unvalidated array index issue existed in the\r\nDock's handling of messages from applications. A maliciously\r\ncrafted message could cause an invalid function pointer to be\r\ndereferenced, which could lead to an unexpected application\r\ntermination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2014-1371 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nGraphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read kernel memory, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: An out-of-bounds read issue existed in the handling of\r\na system call. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1372 : Ian Beer of Google Project Zero\r\n\r\niBooks Commerce\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: An attacker with access to a system may be able to recover\r\nApple ID credentials\r\nDescription: An issue existed in the handling of iBooks logs. The\r\niBooks process could log Apple ID credentials in the iBooks log where\r\nother users of the system could read it. This issue was addressed by\r\ndisallowing logging of credentials.\r\nCVE-ID\r\nCVE-2014-1317 : Steve Dunham\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of an OpenGL\r\nAPI call. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1373 : Ian Beer of Google Project Zero\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read a kernel pointer, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A kernel pointer stored in an IOKit object could be\r\nretrieved from userland. This issue was addressed by removing the\r\npointer from the object.\r\nCVE-ID\r\nCVE-2014-1375\r\n\r\nIntel Compute\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of an OpenCL\r\nAPI call. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1376 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An array indexing issue existed in IOAcceleratorFamily.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1377 : Ian Beer of Google Project Zero\r\n\r\nIOGraphicsFamily\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read a kernel pointer, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A kernel pointer stored in an IOKit object could be\r\nretrieved from userland. This issue was addressed by using a unique\r\nID instead of a pointer.\r\nCVE-ID\r\nCVE-2014-1378\r\n\r\nIOReporting\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user could cause an unexpected system restart\r\nDescription: A null pointer dereference existed in the handling of\r\nIOKit API arguments. This issue was addressed through additional\r\nvalidation of IOKit API arguments.\r\nCVE-ID\r\nCVE-2014-1355 : cunzhang from Adlab of Venustech\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer underflow existed in launchd. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1359 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in launchd's handling of\r\nIPC messages. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1356 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in launchd's handling of\r\nlog messages. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1357 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in launchd. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1358 : Ian Beer of Google Project Zero\r\n\r\nGraphics Drivers\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple null dereference issues existed in kernel\r\ngraphics drivers. A maliciously crafted 32-bit executable may have\r\nbeen able to obtain elevated privileges.\r\nCVE-ID\r\nCVE-2014-1379 : Ian Beer of Google Project Zero\r\n\r\nSecurity - Keychain\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: An attacker may be able to type into windows under the\r\nscreen lock\r\nDescription: Under rare circumstances, the screen lock did not\r\nintercept keystrokes. This could have allowed an attacker to type\r\ninto windows under the screen lock. This issue was addressed through\r\nimproved keystroke observer management.\r\nCVE-ID\r\nCVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC\r\n\r\nSecurity - Secure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: Two bytes of memory could be disclosed to a remote attacker\r\nDescription: An uninitialized memory access issue existing in the\r\nhandling of DTLS messages in a TLS connection. This issue was\r\naddressed by only accepting DTLS messages in a DTLS connection.\r\nCVE-ID\r\nCVE-2014-1361 : Thijs Alkemade of The Adium Project\r\n\r\nThunderbolt\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An out of bounds memory access issue existed in the\r\nhandling of IOThunderBoltController API calls. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1381 : Catherine aka winocm\r\n\r\nNote: OS X Mavericks 10.9.4 includes the security content of\r\nSafari 7.0.5: http://support.apple.com/kb/HT6293\r\n\r\nOS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN\r\n6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX\r\na569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM\r\nKx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb\r\nnak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr\r\nQ/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR\r\nuqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo\r\nT/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR\r\n1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4\r\nFiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka\r\nePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr\r\n+/tiYIHJ5pUCKf+C8xJC\r\n=HkFr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:DOC:30968", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30968", "title": "APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "Multiple memory corruptions, information leakages, DoS, privilege escalation, screen lock bypass.", "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:VULN:13898", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13898", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
