CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...

Integer overflow

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments...

Code injection

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...

Information disclosure

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls...

Code injection

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...

CVE-2014-4418

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...

CVE-2014-4407

CVE-2014-4407 affects Apple IOKit on iOS (pre-8) and Apple TV (pre-7). Root cause: uninitialized kernel memory in IOKit functions leading to memory-content disclosure via crafted IOKit calls. Public details show IODataQueue/IOKit memory initialization issues; impact is kernel memory disclosure. R...

CVE-2014-4388

CVE-2014-4388 affects IOKit IODataQueue on Apple devices (iOS before 8, Apple TV before 7). The issue is a validation flaw in IODataQueue metadata fields stored in shared memory that can be manipulated by a user to corrupt memory, enabling arbitrary code execution in kernel/system context. Connec...

CVE-2014-4418

Summary of CVE-2014-4418 findings: The issue concerns the IODataQueue implementation in IOKit where kernel trusted fields (queueSize, head, tail) live in a shared memory region mapped into userspace. IOSharedDataQueue extends IODataQueue and places an appendix immediately after the queue, enablin...

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls...

CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...

CVE-2014-4389

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments...

CVE-2014-4389

CVE-2014-4389 corresponds to an IODataQueue/IOSharedDataQueue integer overflow in IOKit that could let a crafted API argument overflow queue bounds and corrupt kernel memory, enabling arbitrary code execution with system privileges on affected iOS 7.x/Apple TV 6.x/7.x era devices. Connected mater...

Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components : - apachemodphp - Bluetooth - CoreGraphics - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit -...

APPLE-SA-2014-06-30-3 iOS 7.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: Update to the certificate trust policy...

July 2014 Apple security patches

Apple has issued a slew of security updates addressing a wide swath of vulnerabilities in its Safari Web browser, Mavericks desktop operating system, iOS mobile platform and content streaming AppleTV product. Apple doesn’t rate the severity of the vulnerabilities it fixes nor does it advise on...

CVE-2014-1378

IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object...

CVE-2014-1375

Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object...

CVE-2014-1355

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service NULL pointer dereference and reboot via crafted API arguments...

Null pointer dereference

IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object...