Search...

Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution

2014-02-04T00:00:00

ID MACOSX_PAGES_5_1.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-03-02T00:00:00

Description

According to its self-reported version number, the Apple Pages install on the remote Mac OS X host reportedly has a double-free issue in its handling of Microsoft Word documents that could lead to unexpected program termination or arbitrary code execution.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72281);
  script_version("1.3");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-1252");
  script_bugtraq_id(65113);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-01-23-1");

  script_name(english:"Apple Pages &lt; 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution");
  script_summary(english:"Check the version of Pages");

  script_set_attribute(attribute:"synopsis", value:
"An application on the remote host could allow arbitrary code
execution.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Apple Pages install
on the remote Mac OS X host reportedly has a double-free issue in its
handling of Microsoft Word documents that could lead to unexpected
program termination or arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6117");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Pages 2.1 / 5.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1252");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:pages");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_pages_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Pages/Installed");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/MacOSX/Version")) audit(AUDIT_OS_NOT, "Mac OS X");


get_kb_item_or_exit("MacOSX/Pages/Installed");
list = get_kb_list_or_exit("MacOSX/Pages/*/Version", exit_code:1);

item = branch(keys(list));
path = item - 'MacOSX/Pages' - '/Version';
version = get_kb_item_or_exit(item, exit_code:1);

if (
  version =~ "^1\." ||
  (version =~ "^2\." && ver_compare(ver:version, fix:"2.1", strict:FALSE) == -1) ||
  version =~ "^[34]\." ||
  (version =~ "^5\." && ver_compare(ver:version, fix:"5.1", strict:FALSE) == -1)
)
{
  if (report_verbosity &gt; 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 2.1 / 5.1' +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Apple Pages", version, path);

JSON Vulners Source

Initial Source

{"id": "MACOSX_PAGES_5_1.NASL", "bulletinFamily": "scanner", "title": "Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution", "description": "According to its self-reported version number, the Apple Pages install\non the remote Mac OS X host reportedly has a double-free issue in its\nhandling of Microsoft Word documents that could lead to unexpected\nprogram termination or arbitrary code execution.", "published": "2014-02-04T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/72281", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://support.apple.com/kb/HT6117"], "cvelist": ["CVE-2014-1252"], "type": "nessus", "lastseen": "2021-03-01T03:58:44", "edition": 26, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-1252"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804852"]}, {"type": "nessus", "idList": ["MACOSX_10_9_2.NASL", "MACOSX_SECUPD2014-001.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30357", "SECURITYVULNS:VULN:13600", "SECURITYVULNS:VULN:13583", "SECURITYVULNS:DOC:30335"]}], "modified": "2021-03-01T03:58:44", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-03-01T03:58:44", "rev": 2}, "vulnersScore": 7.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72281);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-1252\");\n script_bugtraq_id(65113);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-01-23-1\");\n\n script_name(english:\"Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution\");\n script_summary(english:\"Check the version of Pages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host could allow arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apple Pages install\non the remote Mac OS X host reportedly has a double-free issue in its\nhandling of Microsoft Word documents that could lead to unexpected\nprogram termination or arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6117\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Pages 2.1 / 5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:pages\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_pages_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Pages/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/MacOSX/Version\")) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nget_kb_item_or_exit(\"MacOSX/Pages/Installed\");\nlist = get_kb_list_or_exit(\"MacOSX/Pages/*/Version\", exit_code:1);\n\nitem = branch(keys(list));\npath = item - 'MacOSX/Pages' - '/Version';\nversion = get_kb_item_or_exit(item, exit_code:1);\n\nif (\n version =~ \"^1\\.\" ||\n (version =~ \"^2\\.\" && ver_compare(ver:version, fix:\"2.1\", strict:FALSE) == -1) ||\n version =~ \"^[34]\\.\" ||\n (version =~ \"^5\\.\" && ver_compare(ver:version, fix:\"5.1\", strict:FALSE) == -1)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.1 / 5.1' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Apple Pages\", version, path);\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "72281", "cpe": ["cpe:/a:apple:pages"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:14:26", "description": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.", "edition": 6, "cvss3": {}, "published": "2014-01-24T15:08:00", "title": "CVE-2014-1252", "type": "cve", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1252"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:apple:pages:2.0.1", "cpe:/a:apple:pages:2.0", "cpe:/o:apple:iphone_os:7.0", "cpe:/a:apple:pages:5.0.1", "cpe:/o:apple:mac_os_x:10.9.1", "cpe:/a:apple:pages:5.0", "cpe:/a:apple:pages:2.0.2"], "id": "CVE-2014-1252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:pages:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:pages:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:pages:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:pages:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:pages:5.0.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1252", "CVE-2014-1254", "CVE-2014-1258"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-03-19T00:00:00", "published": "2014-09-22T00:00:00", "id": "OPENVAS:1361412562310804852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804852", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities -06 Sep14", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln06_sep14.nasl 14304 2019-03-19 09:10:40Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities -06 Sep14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804852\");\n script_version(\"$Revision: 14304 $\");\n script_cve_id(\"CVE-2014-1254\", \"CVE-2014-1258\", \"CVE-2014-1252\");\n script_bugtraq_id(65777, 65113);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 10:10:40 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-22 17:50:08 +0530 (Mon, 22 Sep 2014)\");\n\n script_name(\"Apple Mac OS X Multiple Vulnerabilities -06 Sep14\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in ATS when handling embedded Type 1 fonts.\n\n - An error in CoreAnimation when handling certain images.\n\n - An error in QuickLook when handling certain Microsoft Office files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to conduct denial of service and arbitrary code execution attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.8.x through\n 10.8.5 and 10.9.x before 10.9.2\");\n\n script_tag(name:\"solution\", value:\"Run Mac Updates. Please see the references for more information.\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6150\");\n script_tag(name:\"qod\", value:\"30\"); ## Build information is not available\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6150\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54960\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[89]\\.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.8.0\", test_version2:\"10.8.5\")||\n version_in_range(version:osVer, test_version:\"10.9.0\", test_version2:\"10.9.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-01T03:43:08", "description": "The remote host is running a version of Mac OS X 10.7 or 10.8 that\ndoes not have Security Update 2014-001 applied. This update contains\nseveral security-related fixes for the following components :\n\n - Apache\n - App Sandbox\n - ATS\n - Certificate Trust Policy\n - CFNetwork Cookies\n - CoreAnimation\n - Date and Time\n - File Bookmark\n - ImageIO\n - IOSerialFamily\n - LaunchServices\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-02-25T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1257", "CVE-2011-3389", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2013-5179", "CVE-2014-1254", "CVE-2013-5987", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2014-001.NASL", "href": "https://www.tenable.com/plugins/nessus/72688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72688);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-4073\",\n \"CVE-2013-4113\",\n \"CVE-2013-4248\",\n \"CVE-2013-5139\",\n \"CVE-2013-5178\",\n \"CVE-2013-5179\",\n \"CVE-2013-5986\",\n \"CVE-2013-5987\",\n \"CVE-2013-6420\",\n \"CVE-2013-6629\",\n \"CVE-2014-1245\",\n \"CVE-2014-1246\",\n \"CVE-2014-1247\",\n \"CVE-2014-1248\",\n \"CVE-2014-1249\",\n \"CVE-2014-1250\",\n \"CVE-2014-1252\",\n \"CVE-2014-1254\",\n \"CVE-2014-1256\",\n \"CVE-2014-1257\",\n \"CVE-2014-1258\",\n \"CVE-2014-1259\",\n \"CVE-2014-1260\",\n \"CVE-2014-1265\"\n );\n script_bugtraq_id(\n 49778,\n 59826,\n 60843,\n 61128,\n 61129,\n 62536,\n 63311,\n 63343,\n 63676,\n 64225,\n 64525,\n 65113,\n 65208,\n 65777\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-1\");\n script_xref(name:\"CERT\", value:\"864643\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)\");\n script_summary(english:\"Check for the presence of Security Update 2014-001.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7 or 10.8 that\ndoes not have Security Update 2014-001 applied. This update contains\nseveral security-related fixes for the following components :\n\n - Apache\n - App Sandbox\n - ATS\n - Certificate Trust Policy\n - CFNetwork Cookies\n - CoreAnimation\n - Date and Time\n - File Bookmark\n - ImageIO\n - IOSerialFamily\n - LaunchServices\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202932\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531263/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2014-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = '2014-001';\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:'-');\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\nelse if (\"Mac OS X 10.7\" >< os && !ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.7.5.\");\nelse if (\"Mac OS X 10.8\" >< os && !ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.8.5.\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nset_kb_item(name:'www/0/XSS', value:TRUE);\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:40:53", "description": "The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.2. This update contains several security-related fixes for the\nfollowing components :\n\n - Apache\n - ATS\n - Certificate Trust Policy\n - CoreAnimation\n - CoreText\n - curl\n - Data Security\n - Date and Time\n - File Bookmark\n - Finder\n - ImageIO\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 29, "published": "2014-02-25T00:00:00", "title": "Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1261", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1258"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/72687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72687);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-4073\",\n \"CVE-2013-4113\",\n \"CVE-2013-4248\",\n \"CVE-2013-5986\",\n \"CVE-2013-5987\",\n \"CVE-2013-6420\",\n \"CVE-2013-6629\",\n \"CVE-2014-1245\",\n \"CVE-2014-1246\",\n \"CVE-2014-1247\",\n \"CVE-2014-1248\",\n \"CVE-2014-1249\",\n \"CVE-2014-1250\",\n \"CVE-2014-1252\",\n \"CVE-2014-1254\",\n \"CVE-2014-1255\",\n \"CVE-2014-1256\",\n \"CVE-2014-1258\",\n \"CVE-2014-1259\",\n \"CVE-2014-1261\",\n \"CVE-2014-1262\",\n \"CVE-2014-1263\",\n \"CVE-2014-1264\",\n \"CVE-2014-1265\",\n \"CVE-2014-1266\"\n );\n script_bugtraq_id(\n 59826,\n 60843,\n 61128,\n 61129,\n 61776,\n 63676,\n 64225,\n 64525,\n 65113,\n 65208,\n 65738,\n 65777\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-1\");\n\n script_name(english:\"Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a certificate\nvalidation weakness.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.2. This update contains several security-related fixes for the\nfollowing components :\n\n - Apache\n - ATS\n - Certificate Trust Policy\n - CoreAnimation\n - CoreText\n - curl\n - Data Security\n - Date and Time\n - File Bookmark\n - Finder\n - ImageIO\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6150\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531263/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9])+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.9([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\", \"Mac OS X \"+version);\n\nfixed_version = \"10.9.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1257", "CVE-2014-1261", "CVE-2011-3389", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2013-5179", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "description": "Multiple vulnerabilities in Network and Graphics subsystems, SSL bypass, multiple libraries and applications vulnerabilities.", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:VULN:13583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13583", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1257", "CVE-2014-1261", "CVE-2011-3389", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2013-5179", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update\r\n2014-001\r\n\r\nOS X Mavericks 10.9.2 and Security Update 2014-001 is now available\r\nand addresses the following:\r\n\r\nApache\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache, the most\r\nserious of which may lead to cross-site scripting. These issues were\r\naddressed by updating Apache to version 2.2.26.\r\nCVE-ID\r\nCVE-2013-1862\r\nCVE-2013-1896\r\n\r\nApp Sandbox\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: The App Sandbox may be bypassed\r\nDescription: The LaunchServices interface for launching an\r\napplication allowed sandboxed apps to specify the list of arguments\r\npassed to the new process. A compromised sandboxed application could\r\nabuse this to bypass the sandbox. This issue was addressed by\r\npreventing sandboxed applications from specifying arguments. This\r\nissue does not affect systems running OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2013-5179 : Friedrich Graeter of The Soulmen GbR\r\n\r\nATS\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nhandling of Type 1 fonts. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1254 : Felix Groebert of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: A memory corruption issue existed in the handling of\r\nMach messages passed to ATS. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-1262 : Meder Kydyraliev of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: An arbitrary free issue existed in the handling of Mach\r\nmessages passed to ATS. This issue was addressed through additional\r\nvalidation of Mach messages.\r\nCVE-ID\r\nCVE-2014-1255 : Meder Kydyraliev of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: A buffer overflow issue existed in the handling of Mach\r\nmessages passed to ATS. This issue was addressed by additional bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1256 : Meder Kydyraliev of the Google Security Team\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Root certificates have been updated\r\nDescription: The set of system root certificates has been updated.\r\nThe complete list of recognized system roots may be viewed via the\r\nKeychain Access application.\r\n\r\nCFNetwork Cookies\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Session cookies may persist even after resetting Safari\r\nDescription: Resetting Safari did not always delete session cookies\r\nuntil Safari was closed. This issue was addressed through improved\r\nhandling of session cookies. This issue does not affect systems\r\nrunning OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Visiting a maliciously crafted site may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreAnimation's\r\nhandling of images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1258 : Karl Smith of NCC Group\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: Applications that use CoreText may be vulnerable to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in CoreText in the handling\r\nof Unicode fonts. This issue is addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs\r\n\r\ncurl\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: When using curl to connect to an HTTPS URL containing\r\nan IP address, the IP address was not validated against the\r\ncertificate. This issue does not affect systems prior to OS X\r\nMavericks v10.9.\r\nCVE-ID\r\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\r\n\r\nData Security\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: An attacker with a privileged network position may capture\r\nor modify data in sessions protected by SSL/TLS\r\nDescription: Secure Transport failed to validate the authenticity of\r\nthe connection. This issue was addressed by restoring missing\r\nvalidation steps.\r\nCVE-ID\r\nCVE-2014-1266\r\n\r\nDate and Time\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: An unprivileged user may change the system clock\r\nDescription: This update changes the behavior of the systemsetup\r\ncommand to require administrator privileges to change the system\r\nclock.\r\nCVE-ID\r\nCVE-2014-1265\r\n\r\nFile Bookmark\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a file with a maliciously crafted name may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of file\r\nnames. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1259\r\n\r\nFinder\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: Accessing a file's ACL via Finder may lead to other users\r\ngaining unauthorized access to files\r\nDescription: Accessing a file's ACL via Finder may corrupt the ACLs\r\non the file. This issue was addressed through improved handling of\r\nACLs.\r\nCVE-ID\r\nCVE-2014-1264\r\n\r\nImageIO\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a maliciously crafted JPEG file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nlibjpeg's handling of JPEG markers, resulting in the disclosure of\r\nmemory contents. This issue was addressed by better JPEG handling.\r\nCVE-ID\r\nCVE-2013-6629 : Michal Zalewski\r\n\r\nIOSerialFamily\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: An out of bounds array access existed in the\r\nIOSerialFamily driver. This issue was addressed through additional\r\nbounds checking. This issue does not affect systems running OS X\r\nMavericks v10.9 or later.\r\nCVE-ID\r\nCVE-2013-5139 : @dent1zt\r\n\r\nLaunchServices\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5\r\nImpact: A file could show the wrong extension\r\nDescription: An issue existed in the handling of certain unicode\r\ncharacters that could allow filenames to show incorrect extensions.\r\nThe issue was addressed by filtering unsafe unicode characters from\r\ndisplay in filenames. This issue does not affect systems running OS X\r\nMavericks v10.9 or later.\r\nCVE-ID\r\nCVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre\r\nof Intego\r\n\r\nNVIDIA Drivers\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Executing a malicious application could result in arbitrary\r\ncode execution within the graphics card\r\nDescription: An issue existed that allowed writes to some trusted\r\nmemory on the graphics card. This issue was addressed by removing the\r\nability of the host to write to that memory.\r\nCVE-ID\r\nCVE-2013-5986 : Marcin Koscielnicki from the X.Org Foundation\r\nNouveau project\r\nCVE-2013-5987 : Marcin Koscielnicki from the X.Org Foundation\r\nNouveau project\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP, the most\r\nserious of which may have led to arbitrary code execution. These\r\nissues were addressed by updating PHP to version 5.4.22 on OS X\r\nMavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.\r\nCVE-ID\r\nCVE-2013-4073\r\nCVE-2013-4113\r\nCVE-2013-4248\r\nCVE-2013-6420\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Downloading a maliciously crafted Microsoft Office file may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in QuickLook's\r\nhandling of Microsoft Office files. Downloading a maliciously crafted\r\nMicrosoft Office file may have led to an unexpected application\r\ntermination or arbitrary code execution. This issue does not affect\r\nsystems running OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2014-1260 : Felix Groebert of the Google Security Team\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Downloading a maliciously crafted Microsoft Word document\r\nmay lead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A double free issue existed in QuickLook's handling of\r\nMicrosoft Word documents. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2014-1252 : Felix Groebert of the Google Security Team\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ftab'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1246 : An anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n'dref' atoms. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ldat'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a maliciously crafted PSD image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PSD\r\nimages. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1249 : dragonltx of Tencent Security Team\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of 'ttfo' elements. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of 'stsz'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nSecure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There were known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode.\r\nTo address these issues for applications using Secure Transport, the\r\n1-byte fragment mitigation was enabled by default for this\r\nconfiguration.\r\nCVE-ID\r\nCVE-2011-3389 : Juliano Rizzo and Thai Duong\r\n\r\nOS X Mavericks v10.9.2 includes the content of Safari 7.0.2. \r\n\r\nOS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from \r\nthe Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn\r\nmlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6\r\nU0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb\r\nOlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ\r\n3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8\r\nC6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY\r\nY7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O\r\nt2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX\r\niB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ\r\nq5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv\r\nkBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI\r\naiYIh+SzR0rBdMZRgyzv\r\n=+DAJ\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:DOC:30335", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30335", "title": "APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2013-5133", "CVE-2014-1284", "CVE-2014-1271", "CVE-2014-1281", "CVE-2014-1276", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-6835", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2014-1252", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1286", "CVE-2013-5227", "CVE-2014-1282", "CVE-2014-1274", "CVE-2014-1285", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2014-1277", "CVE-2012-2088", "CVE-2013-6629", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-03-10-1 iOS 7.1\r\n\r\niOS 7.1 is now available and addresses the following:\r\n\r\nBackup\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted backup can alter the filesystem\r\nDescription: A symbolic link in a backup would be restored, allowing\r\nsubsequent operations during the restore to write to the rest of the\r\nfilesystem. This issue was addressed by checking for symbolic links\r\nduring the restore process.\r\nCVE-ID\r\nCVE-2013-5133 : evad3rs\r\n\r\nCertificate Trust Policy\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Root certificates have been updated\r\nDescription: Several certificates were added to or removed from the\r\nlist of system roots.\r\n\r\nConfiguration Profiles\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Profile expiration dates were not honored\r\nDescription: Expiration dates of mobile configuration profiles were\r\nnot evaluated correctly. The issue was resolved through improved\r\nhandling of configuration profiles.\r\nCVE-ID\r\nCVE-2014-1267\r\n\r\nCoreCapture\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application can cause an unexpected system\r\ntermination\r\nDescription: A reachable assertion issue existed in CoreCapture's\r\nhandling of IOKit API calls. The issue was addressed through\r\nadditional validation of input from IOKit.\r\nCVE-ID\r\nCVE-2014-1271 : Filippo Bigarella\r\n\r\nCrash Reporting\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to change permissions on arbitrary\r\nfiles\r\nDescription: CrashHouseKeeping followed symbolic links while\r\nchanging permissions on files. This issue was addressed by not\r\nfollowing symbolic links when changing permissions on files.\r\nCVE-ID\r\nCVE-2014-1272 : evad3rs\r\n\r\ndyld\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Code signing requirements may be bypassed\r\nDescription: Text relocation instructions in dynamic libraries may\r\nbe loaded by dyld without code signature validation. This issue was\r\naddressed by ignoring text relocation instructions.\r\nCVE-ID\r\nCVE-2014-1273 : evad3rs\r\n\r\nFaceTime\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\naccess FaceTime contacts from the lock screen\r\nDescription: FaceTime contacts on a locked device could be exposed\r\nby making a failed FaceTime call from the lock screen. This issue was\r\naddressed through improved handling of FaceTime calls.\r\nCVE-ID\r\nCVE-2014-1274\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nimages in PDF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1275 : Felix Groebert of the Google Security Team\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of TIFF\r\nimages. This issue was addressed through additional validation of\r\nTIFF images.\r\nCVE-ID\r\nCVE-2012-2088\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted JPEG file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nlibjpeg's handling of JPEG markers, resulting in the disclosure of\r\nmemory contents. This issue was addressed through additional\r\nvalidation of JPEG files.\r\nCVE-ID\r\nCVE-2013-6629 : Michal Zalewski\r\n\r\nIOKit HID Event\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may monitor on user actions in other\r\napps\r\nDescription: An interface in IOKit framework allowed malicious apps\r\nto monitor on user actions in other apps. This issue was addressed\r\nthrough improved access control policies in the framework.\r\nCVE-ID\r\nCVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye\r\n\r\niTunes Store\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A man-in-the-middle attacker may entice a user into\r\ndownloading a malicious app via Enterprise App Download\r\nDescription: An attacker with a privileged network position could\r\nspoof network communications to entice a user into downloading a\r\nmalicious app. This issue was mitigated by using SSL and prompting\r\nthe user during URL redirects.\r\nCVE-ID\r\nCVE-2014-1277 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: An out of bounds memory access issue existed in the ARM\r\nptmx_get_ioctl function. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1278 : evad3rs\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted Microsoft Word document may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A double free issue existed in the handling of\r\nMicrosoft Word documents. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2014-1252 : Felix Groebert of the Google Security Team\r\n\r\nPhotos Backend\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Deleted images may still appear in the Photos app underneath\r\ntransparent images\r\nDescription: Deleting an image from the asset library did not delete\r\ncached versions of the image. This issue was addressed through\r\nimproved cache management.\r\nCVE-ID\r\nCVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams,\r\nTom Pennington\r\n\r\nProfiles\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A configuration profile may be hidden from the user\r\nDescription: A configuration profile with a long name could be\r\nloaded onto the device but was not displayed in the profile UI. The\r\nissue was addressed through improved handling of profile names.\r\nCVE-ID\r\nCVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: User credentials may be disclosed to an unexpected site via\r\nautofill\r\nDescription: Safari may have autofilled user names and passwords\r\ninto a subframe from a different domain than the main frame. This\r\nissue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5227 : Niklas Malmgren of Klarna AB\r\n\r\nSettings - Accounts\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\ndisable Find My iPhone without entering an iCloud password\r\nDescription: A state management issue existed in the handling of the\r\nFind My iPhone state. This issue was addressed through improved\r\nhandling of Find My iPhone state.\r\nCVE-ID\r\nCVE-2014-1284\r\n\r\nSpringboard\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nsee the home screen of the device even if the device has not been\r\nactivated\r\nDescription: An unexpected application termination during activation\r\ncould cause the phone to show the home screen. The issue was\r\naddressed through improved error handling during activation.\r\nCVE-ID\r\nCVE-2014-1285 : Roboboi99\r\n\r\nSpringBoard Lock Screen\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker may be able to cause the lock screen to\r\nbecome unresponsive\r\nDescription: A state management issue existed in the lock screen.\r\nThis issue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2014-1286 : Bogdan Alecu of M-sec.net\r\n\r\nTelephonyUI Framework\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A webpage could trigger a FaceTime audio call without user\r\ninteraction\r\nDescription: Safari did not consult the user before launching\r\nfacetime-audio:// URLs. This issue was addressed with the addition of\r\na confirmation prompt.\r\nCVE-ID\r\nCVE-2013-6835 : Guillaume Ross\r\n\r\nUSB Host\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\ncause arbitrary code execution in kernel mode\r\nDescription: A memory corruption issue existed in the handling of\r\nUSB messages. This issue was addressed through additional validation\r\nof USB messages.\r\nCVE-ID\r\nCVE-2014-1287 : Andy Davis of NCC Group\r\n\r\nVideo Driver\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Playing a maliciously crafted video could lead to the device\r\nbecoming unresponsive\r\nDescription: A null dereference issue existed in the handling of\r\nMPEG-4 encoded files. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2014-1280 : rg0rd\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "7.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTGlvJAAoJEPefwLHPlZEwh2cP/iOvfDbgv78TKX2hsxttcy8l\r\nNTK4EbpYO0rEpqbQukIHwBrb+PtEWK4tdxWPNQV+8GnCPaLqmMXWxHZPkI02qXjI\r\nUxYNgPq+9MPcoFFdbbptz4azcwFa0rdsQtxL0MYRrUqW5ml86zjGsVWUDGMDFu9R\r\nfuujvU/JOGoIYVxFQziEScnMfryw61b/JObcT/mDzXv/IcKhuMzMfp4cbnXq7Mmx\r\nNOpIQ0syx5oH7jadJA72iX7UyUuoydAcD3gaJDbLLfjEM8giDTL/TmH1HpuJjDHq\r\nZmj0NMlMqAztoFzpHZxlJ6kYjFYs7heyWgm3HQ+dwT0cDajFEZUEJGuBBO+P6dwp\r\ncVlhDJ87crsP2ctUn46EUGFw5fFZRPEUqm4r0M/3o8z2ZPDqFxIBwMHEEV2LJtuN\r\nlKjHYYWTO9BZOg87pm/HLpNqqTEz7J1eDWVJiRh5kZarp8w5KgZhBhYkltlPKwOo\r\nUh1SvUH+CjgNQTObSLv+e2EJ0So8gi3xBGHOrOdcof33fTsyL4WDvHEIvs4l1jUY\r\nf29uha46K3dVZpJtFV3xTiwm6fodWgTR4xhWSAAVI2V8V4KLQMEHu7+eV+cURmme\r\nJLdVgzxXw0uZHP874Uy60qR+6KBdEkIvgAoDHmd9jLnZMJTQAcn7PjcZz2z/V25u\r\n3bQ2RrEc85Xqs7adpinL\r\n=W1ik\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30357", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30357", "title": "APPLE-SA-2014-03-10-1 iOS 7.1", "type": "securityvulns", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2013-5133", "CVE-2014-1284", "CVE-2014-1271", "CVE-2014-1281", "CVE-2014-1276", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-6835", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2014-1252", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1286", "CVE-2013-5227", "CVE-2014-1282", "CVE-2014-1274", "CVE-2014-1285", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2014-1277", "CVE-2012-2088", "CVE-2013-6629", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "description": "Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution.", "edition": 1, "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "SECURITYVULNS:VULN:13600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13600", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}]}

Apple Pages &lt; 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution

Description

According to its self-reported version number, the Apple Pages install on the remote Mac OS X host reportedly has a double-free issue in its handling of Microsoft Word documents that could lead to unexpected program termination or arbitrary code execution.

Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution