Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability
Published: 2015-07-01T00:00:00
ID: ZDI-15-279
Type: zdi
Reporter: kdot
Modified: 2015-06-22T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. An attacker could leverage this to execute arbitrary code in the context of the QuickTime process.
{"enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-3663"]}, {"type": "nessus", "idList": ["MACOSX_SECUPD2015-005.NASL", "QUICKTIME_777.NASL", "MACOSX_10_10_4.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14560", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:DOC:32264", "SECURITYVULNS:VULN:14562"]}, {"type": "kaspersky", "idList": ["KLA10621"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805676"]}], "modified": "2020-06-22T11:39:59", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2020-06-22T11:39:59", "rev": 2}, "vulnersScore": 8.0}, "edition": 3, "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-279/", "modified": "2015-06-22T00:00:00", "published": "2015-07-01T00:00:00", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. An attacker could leverage this to execute arbitrary code in the context of the QuickTime process.", "bulletinFamily": "info", "viewCount": 2, "title": "Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability", "references": ["http://support.apple.com/kb/HT201222"], "cvelist": ["CVE-2015-3663"], "type": "zdi", "id": "ZDI-15-279", "lastseen": "2020-06-22T11:39:59", "reporter": "kdot", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T20:03:03", "description": "QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.", "edition": 5, "cvss3": {}, "published": "2015-07-03T01:59:00", "title": "CVE-2015-3663", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3663"], "modified": "2016-12-28T02:59:00", "cpe": ["cpe:/a:apple:quicktime:7.7.6", "cpe:/o:apple:mac_os_x:10.10.3"], "id": "CVE-2015-3663", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3663", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T04:55:19", "description": "The version of Apple QuickTime installed on the remote Windows host is\nprior to 7.7.7. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An arbitrary code execution vulnerability exists due to\n improper validation of user-supplied input. An attacker\n can exploit this, with specially crafted image data in\n an SGI file, to execute arbitrary code. 
(CVE-2015-3661)\n\n - An arbitrary code execution vulnerability exists due to\n an out-of-bounds write flaw caused by improper\n validation of user-supplied input. An attacker can\n exploit this, with specially crafted image data in\n a GIF file, to execute arbitrary code. (CVE-2015-3662)\n\n - An arbitrary code execution vulnerability exists due to\n an out-of-bounds write flaw caused by improper\n validation of user-supplied input. An attacker can\n exploit this, with a specially crafted image descriptor\n in a GIF file, to execute arbitrary code.\n (CVE-2015-3663)\n\n - An overflow condition exists due to improper validation\n of user-supplied input when handling 'alis' atoms. An\n attacker can exploit this, with a specially crafted\n file, to cause a stack-based buffer overflow, resulting\n in a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3664)\n\n - A user-after-free error exists when handling object\n properties in movie files. An attacker can exploit this,\n with a specially crafted movie file, to dereference\n already freed memory, potentially resulting in the\n execution of arbitrary code. (CVE-2015-3665)\n\n - A memory corruption flaw exists due to improper\n validation of user-supplied input when handling the\n 'code' atom within the 'minf' (Media Information) atom.\n An attacker can exploit this, with a specially crafted\n file, to corrupt memory, potentially resulting in the\n execution of arbitrary code. (CVE-2015-3666)\n\n - A user-after-free error exists in the \n QuickTimeMPEG4!0x147f0() function when handling 'stbl'\n atoms. An attacker can exploit this, with a specially\n crafted .MOV file, to dereference already freed memory,\n potentially resulting in the execution of arbitrary\n code. (CVE-2015-3667)\n\n - A memory corruption flaw exists due to improper\n validation of user-supplied input when handling movie\n files. 
An attacker can exploit this, with a specially\n crafted file, to corrupt memory, potentially resulting\n in the execution of arbitrary code. (CVE-2015-3668)\n\n - An overflow condition exists due to improper validation\n of user-supplied input. An attacker can exploit this,\n with a specially crafted SGI file, to cause a heap-based\n buffer overflow, potentially resulting in the execution\n of arbitrary code. (CVE-2015-3669)", "edition": 26, "published": "2015-07-03T00:00:00", "title": "Apple QuickTime < 7.7.7 Multiple Vulnerabilities (Windows)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3666", "CVE-2015-3662", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3661", "CVE-2015-3664", "CVE-2015-3663", "CVE-2015-3669", "CVE-2015-3665"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "QUICKTIME_777.NASL", "href": "https://www.tenable.com/plugins/nessus/84505", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84505);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3661\",\n \"CVE-2015-3662\",\n \"CVE-2015-3663\",\n \"CVE-2015-3664\",\n \"CVE-2015-3665\",\n \"CVE-2015-3666\",\n \"CVE-2015-3667\",\n \"CVE-2015-3668\",\n \"CVE-2015-3669\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-5\");\n\n script_name(english:\"Apple QuickTime < 7.7.7 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks the version of QuickTime on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple QuickTime installed on the remote Windows host is\nprior to 7.7.7. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - An arbitrary code execution vulnerability exists due to\n improper validation of user-supplied input. An attacker\n can exploit this, with specially crafted image data in\n an SGI file, to execute arbitrary code. (CVE-2015-3661)\n\n - An arbitrary code execution vulnerability exists due to\n an out-of-bounds write flaw caused by improper\n validation of user-supplied input. An attacker can\n exploit this, with specially crafted image data in\n a GIF file, to execute arbitrary code. (CVE-2015-3662)\n\n - An arbitrary code execution vulnerability exists due to\n an out-of-bounds write flaw caused by improper\n validation of user-supplied input. An attacker can\n exploit this, with a specially crafted image descriptor\n in a GIF file, to execute arbitrary code.\n (CVE-2015-3663)\n\n - An overflow condition exists due to improper validation\n of user-supplied input when handling 'alis' atoms. An\n attacker can exploit this, with a specially crafted\n file, to cause a stack-based buffer overflow, resulting\n in a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3664)\n\n - A user-after-free error exists when handling object\n properties in movie files. An attacker can exploit this,\n with a specially crafted movie file, to dereference\n already freed memory, potentially resulting in the\n execution of arbitrary code. (CVE-2015-3665)\n\n - A memory corruption flaw exists due to improper\n validation of user-supplied input when handling the\n 'code' atom within the 'minf' (Media Information) atom.\n An attacker can exploit this, with a specially crafted\n file, to corrupt memory, potentially resulting in the\n execution of arbitrary code. (CVE-2015-3666)\n\n - A user-after-free error exists in the \n QuickTimeMPEG4!0x147f0() function when handling 'stbl'\n atoms. 
An attacker can exploit this, with a specially\n crafted .MOV file, to dereference already freed memory,\n potentially resulting in the execution of arbitrary\n code. (CVE-2015-3667)\n\n - A memory corruption flaw exists due to improper\n validation of user-supplied input when handling movie\n files. An attacker can exploit this, with a specially\n crafted file, to corrupt memory, potentially resulting\n in the execution of arbitrary code. (CVE-2015-3668)\n\n - An overflow condition exists due to improper validation\n of user-supplied input. An attacker can exploit this,\n with a specially crafted SGI file, to cause a heap-based\n buffer overflow, potentially resulting in the execution\n of arbitrary code. (CVE-2015-3669)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204947\");\n # https://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c0a736a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple QuickTime 7.7.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"SMB/QuickTime/\";\n\nversion = get_kb_item_or_exit(kb_base+\"Version\");\npath = get_kb_item_or_exit(kb_base+\"Path\");\n\nversion_ui = get_kb_item(kb_base+\"Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nfixed_version = \"7.77.80.95\";\nfixed_version_ui = \"7.7.7 (1680.95.51)\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_ui +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\naudit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:25:45", "description": "The remote host is running a version of Mac OS X 10.8.5 or 10.9.5\nthat is missing Security Update 2015-005. 
It is, therefore, affected\nmultiple vulnerabilities in the following components :\n\n - Admin Framework\n - afpserver\n - apache\n - AppleFSCompression\n - AppleGraphicsControl\n - AppleThunderboltEDMService\n - ATS\n - Bluetooth\n - Certificate Trust Policy\n - CFNetwork HTTPAuthentication\n - CoreText\n - coreTLS\n - DiskImages\n - Display Drivers\n - EFI\n - FontParser\n - Graphics Driver\n - ImageIO\n - Install Framework Legacy\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOFireWireFamily\n - Kernel\n - kext tools\n - Mail\n - ntfs\n - ntp\n - OpenSSL\n - QuickTime\n - Security\n - Spotlight\n - SQLite\n - System Stats\n - TrueTypeScaler\n - zip\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-01T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", "CVE-2015-3692", "CVE-2015-3690", "CVE-2015-3673", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2015-3663", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", 
"CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2015-005.NASL", "href": "https://www.tenable.com/plugins/nessus/84489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84489);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2015-1157\",\n \"CVE-2015-1798\",\n \"CVE-2015-1799\",\n \"CVE-2015-3661\",\n \"CVE-2015-3662\",\n \"CVE-2015-3663\",\n \"CVE-2015-3666\",\n \"CVE-2015-3667\",\n \"CVE-2015-3668\",\n \"CVE-2015-3671\",\n \"CVE-2015-3672\",\n \"CVE-2015-3673\",\n \"CVE-2015-3674\",\n \"CVE-2015-3675\",\n \"CVE-2015-3676\",\n \"CVE-2015-3677\",\n \"CVE-2015-3678\",\n \"CVE-2015-3679\",\n \"CVE-2015-3680\",\n \"CVE-2015-3681\",\n \"CVE-2015-3682\",\n \"CVE-2015-3683\",\n \"CVE-2015-3684\",\n \"CVE-2015-3685\",\n \"CVE-2015-3686\",\n \"CVE-2015-3687\",\n \"CVE-2015-3688\",\n \"CVE-2015-3689\",\n \"CVE-2015-3690\",\n \"CVE-2015-3691\",\n \"CVE-2015-3692\",\n \"CVE-2015-3693\",\n \"CVE-2015-3694\",\n \"CVE-2015-3695\",\n \"CVE-2015-3696\",\n \"CVE-2015-3697\",\n \"CVE-2015-3698\",\n \"CVE-2015-3699\",\n \"CVE-2015-3700\",\n \"CVE-2015-3701\",\n \"CVE-2015-3702\",\n \"CVE-2015-3703\",\n \"CVE-2015-3704\",\n \"CVE-2015-3705\",\n \"CVE-2015-3706\",\n \"CVE-2015-3707\",\n \"CVE-2015-3708\",\n \"CVE-2015-3709\",\n \"CVE-2015-3710\",\n \"CVE-2015-3711\",\n \"CVE-2015-3712\",\n \"CVE-2015-3713\",\n \"CVE-2015-3714\",\n \"CVE-2015-3715\",\n \"CVE-2015-3716\",\n \"CVE-2015-3717\",\n \"CVE-2015-3718\",\n 
\"CVE-2015-3719\",\n \"CVE-2015-3720\",\n \"CVE-2015-3721\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 72325,\n 72701,\n 73225,\n 73227,\n 73231,\n 73232,\n 73237,\n 73239,\n 73950,\n 73951,\n 74733\n );\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-2\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-005.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8.5 or 10.9.5\nthat is missing Security Update 2015-005. It is, therefore, affected\nmultiple vulnerabilities in the following components :\n\n - Admin Framework\n - afpserver\n - apache\n - AppleFSCompression\n - AppleGraphicsControl\n - AppleThunderboltEDMService\n - ATS\n - Bluetooth\n - Certificate Trust Policy\n - CFNetwork HTTPAuthentication\n - CoreText\n - coreTLS\n - DiskImages\n - Display Drivers\n - EFI\n - FontParser\n - Graphics Driver\n - ImageIO\n - Install Framework Legacy\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOFireWireFamily\n - Kernel\n - kext tools\n - Mail\n - ntfs\n - ntp\n - OpenSSL\n - QuickTime\n - Security\n - Spotlight\n - SQLite\n - System Stats\n - TrueTypeScaler\n - zip\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ca/HT204942\");\n # http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?956357d4\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-005 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple OS X Entitlements Rootpipe Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2015-005\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Advisory states that the update is available for 10.10.2\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[89]\\.5([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8.5 or Mac OS X 10.9.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += 
'\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:23:18", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior\nto 10.10.4. It is, therefore, affected multiple vulnerabilities in the\nfollowing components :\n\n - Admin Framework\n - afpserver\n - apache\n - AppleFSCompression\n - AppleGraphicsControl\n - AppleThunderboltEDMService\n - ATS\n - Bluetooth\n - Certificate Trust Policy\n - CFNetwork HTTPAuthentication\n - CoreText\n - coreTLS\n - DiskImages\n - Display Drivers\n - EFI\n - FontParser\n - Graphics Driver\n - ImageIO\n - Install Framework Legacy\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOFireWireFamily\n - Kernel\n - kext tools\n - Mail\n - ntfs\n - ntp\n - OpenSSL\n - QuickTime\n - Security\n - Spotlight\n - SQLite\n - System Stats\n - TrueTypeScaler\n - zip\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "edition": 25, "published": "2015-07-01T00:00:00", "title": "Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", "CVE-2015-3692", "CVE-2015-3690", "CVE-2015-7036", "CVE-2015-3673", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", 
"CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2015-3663", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_10_4.NASL", "href": "https://www.tenable.com/plugins/nessus/84488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84488);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2015-1157\",\n \"CVE-2015-1798\",\n \"CVE-2015-1799\",\n \"CVE-2015-3661\",\n \"CVE-2015-3662\",\n \"CVE-2015-3663\",\n \"CVE-2015-3666\",\n \"CVE-2015-3667\",\n \"CVE-2015-3668\",\n \"CVE-2015-3671\",\n \"CVE-2015-3672\",\n \"CVE-2015-3673\",\n \"CVE-2015-3674\",\n \"CVE-2015-3675\",\n \"CVE-2015-3676\",\n \"CVE-2015-3677\",\n \"CVE-2015-3678\",\n \"CVE-2015-3679\",\n \"CVE-2015-3680\",\n \"CVE-2015-3681\",\n \"CVE-2015-3682\",\n \"CVE-2015-3683\",\n \"CVE-2015-3684\",\n \"CVE-2015-3685\",\n \"CVE-2015-3686\",\n \"CVE-2015-3687\",\n \"CVE-2015-3688\",\n \"CVE-2015-3689\",\n \"CVE-2015-3690\",\n \"CVE-2015-3691\",\n \"CVE-2015-3692\",\n \"CVE-2015-3693\",\n \"CVE-2015-3694\",\n \"CVE-2015-3695\",\n \"CVE-2015-3696\",\n \"CVE-2015-3697\",\n \"CVE-2015-3698\",\n \"CVE-2015-3699\",\n \"CVE-2015-3700\",\n \"CVE-2015-3701\",\n \"CVE-2015-3702\",\n \"CVE-2015-3703\",\n \"CVE-2015-3704\",\n \"CVE-2015-3705\",\n \"CVE-2015-3706\",\n \"CVE-2015-3707\",\n \"CVE-2015-3708\",\n \"CVE-2015-3709\",\n 
\"CVE-2015-3710\",\n \"CVE-2015-3711\",\n \"CVE-2015-3712\",\n \"CVE-2015-3713\",\n \"CVE-2015-3714\",\n \"CVE-2015-3715\",\n \"CVE-2015-3716\",\n \"CVE-2015-3717\",\n \"CVE-2015-3718\",\n \"CVE-2015-3719\",\n \"CVE-2015-3720\",\n \"CVE-2015-3721\",\n \"CVE-2015-4000\",\n \"CVE-2015-7036\"\n );\n script_bugtraq_id(\n 72325,\n 72701,\n 73225,\n 73227,\n 73231,\n 73232,\n 73237,\n 73239,\n 73950,\n 73951,\n 74733\n );\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-2\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto 10.10.4. It is, therefore, affected multiple vulnerabilities in the\nfollowing components :\n\n - Admin Framework\n - afpserver\n - apache\n - AppleFSCompression\n - AppleGraphicsControl\n - AppleThunderboltEDMService\n - ATS\n - Bluetooth\n - Certificate Trust Policy\n - CFNetwork HTTPAuthentication\n - CoreText\n - coreTLS\n - DiskImages\n - Display Drivers\n - EFI\n - FontParser\n - Graphics Driver\n - ImageIO\n - Install Framework Legacy\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOFireWireFamily\n - Kernel\n - kext tools\n - Mail\n - ntfs\n - ntp\n - OpenSSL\n - QuickTime\n - Security\n - Spotlight\n - SQLite\n - System Stats\n - TrueTypeScaler\n - zip\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ca/HT204942\");\n # http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?956357d4\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.10.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple OS X Entitlements Rootpipe Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.4\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-3666", "CVE-2015-3662", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3661", "CVE-2015-3664", "CVE-2015-3663", "CVE-2015-3669", "CVE-2015-3665"], "description": "Multiple memory corruptions on different formats handling.", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:VULN:14560", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14560", "title": "Apple QuickTime multiple security vulnerabilities", "type": 
"securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-3666", "CVE-2015-3662", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3661", "CVE-2015-3664", "CVE-2015-3663", "CVE-2015-3669", "CVE-2015-3665"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-5 QuickTime 7.7.7\r\n\r\nQuickTime 7.7.7 is now available and addresses the following:\r\n\r\nQT Media Foundation\r\nAvailable for: Windows 7 and Windows Vista\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative\r\nCVE-2015-3662 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3663 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3664 : Andrea Micalizzi (rgod) working with HP's Zero Day\r\nInitiative\r\nCVE-2015-3665 : WanderingGlitch of HP's Zero Day Initiative\r\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero\r\nDay Initiative\r\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\r\nLu of Fortinet's FortiGuard Labs\r\nCVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs\r\nCVE-2015-3669 : kdot working with HP's Zero Day Initiative\r\n\r\n\r\nQuickTime 7.7.7 may be obtained from the QuickTime Downloads site:\r\nhttp://www.apple.com/quicktime/download/\r\n\r\nYou may also update to the latest version of QuickTime via Apple \r\nSoftware Update, which can be found in the Start menu.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are 
available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32264", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32264", "title": "APPLE-SA-2015-06-30-5 QuickTime 7.7.7", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2014-8127", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2014-8141", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2013-1741", "CVE-2014-8140", "CVE-2015-3676", 
"CVE-2015-3696", "CVE-2015-3698", "CVE-2015-3692", "CVE-2015-3690", "CVE-2015-3673", "CVE-2014-8130", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2014-8128", "CVE-2015-3663", "CVE-2014-8129", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2014-8139", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\r\n2015-005\r\n\r\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A process may gain admin privileges without proper\r\nauthentication\r\nDescription: An issue existed when checking XPC entitlements. This\r\nissue was addressed through improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A non-admin user may obtain admin rights\r\nDescription: An issue existed in the handling of user\r\nauthentication. This issue was addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may abuse Directory Utility to gain root\r\nprivileges\r\nDescription: Directory Utility was able to be moved and modified to\r\nachieve code execution within an entitled process. 
This issue was\r\naddressed by limiting the disk location that writeconfig clients may\r\nbe executed from.\r\nCVE-ID\r\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\r\n\r\nafpserver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the AFP server.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3674 : Dean Jerkovich of NCC Group\r\n\r\napache\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may be able to access directories that are\r\nprotected with HTTP authentication without knowing the correct\r\ncredentials\r\nDescription: The default Apache configuration did not include\r\nmod_hfs_apple. If Apache was manually enabled and the configuration\r\nwas not changed, some files that should not be accessible might have\r\nbeen accessible using a specially crafted URL. This issue was\r\naddressed by enabling mod_hfs_apple.\r\nCVE-ID\r\nCVE-2015-3675 : Apple\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities exist in PHP, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\r\nversions 5.5.24 and 5.4.40.\r\nCVE-ID\r\nCVE-2015-0235\r\nCVE-2015-0273\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. 
This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3676 : Chen Liang of KEEN Team\r\n\r\nAppleFSCompression\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in LZVN compression that could have\r\nled to the disclosure of kernel memory content. This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3677 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleThunderboltEDMService\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the handling of\r\ncertain Thunderbolt commands from local processes. This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3678 : Apple\r\n\r\nATS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in handling\r\nof certain fonts. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative\r\nCVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative\r\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3682 : Nuode Wei\r\n\r\nBluetooth\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the Bluetooth HCI\r\ninterface. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept network traffic\r\nDescription: An intermediate certificate was incorrectly issued by\r\nthe certificate authority CNNIC. This issue was addressed through the\r\naddition of a mechanism to trust only a subset of certificates issued\r\nprior to the mis-issuance of the intermediate. Further details are\r\navailable at https://support.apple.com/en-us/HT204938\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPAuthentication\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Following a maliciously crafted URL may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in handling of\r\ncertain URL credentials. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3684 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted text file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. 
These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1157\r\nCVE-2015-3685 : Apple\r\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3689 : Apple\r\n\r\ncoreTLS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may intercept\r\nSSL/TLS connections\r\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\r\nkeys, as used in export-strength ephemeral DH cipher suites. This\r\nissue, also known as Logjam, allowed an attacker with a privileged\r\nnetwork position to downgrade security to 512-bit DH if the server\r\nsupported an export-strength ephemeral DH cipher suite. The issue was\r\naddressed by increasing the default minimum size allowed for DH\r\nephemeral keys to 768 bits.\r\nCVE-ID\r\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\r\n\r\nDiskImages\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An information disclosure issue existed in the\r\nprocessing of disk images. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nDisplay Drivers\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the Monitor Control Command Set\r\nkernel extension by which a userland process could control the value\r\nof a function pointer within the kernel. 
The issue was addressed by\r\nremoving the affected interface.\r\nCVE-ID\r\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application with root privileges may be able to\r\nmodify EFI flash memory\r\nDescription: An insufficient locking issue existed with EFI flash\r\nwhen resuming from sleep states. This issue was addressed through\r\nimproved locking.\r\nCVE-ID\r\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\r\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may induce memory corruption to\r\nescalate privileges\r\nDescription: A disturbance error, also known as Rowhammer, exists\r\nwith some DDR3 RAM that could have led to memory corruption. This\r\nissue was mitigated by increasing memory refresh rates.\r\nCVE-ID\r\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\r\nfrom original research by Yoongu Kim et al (2014)\r\n\r\nFontParser\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGraphics Driver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An out of bounds write issue existed in NVIDIA graphics\r\ndriver. 
This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3712 : Ian Beer of Google Project Zero\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple buffer overflow issues exist in the Intel graphics\r\ndriver, the most serious of which may lead to arbitrary code\r\nexecution with system privileges\r\nDescription: Multiple buffer overflow issues existed in the Intel\r\ngraphics driver. These were addressed through additional bounds\r\nchecks.\r\nCVE-ID\r\nCVE-2015-3695 : Ian Beer of Google Project Zero\r\nCVE-2015-3696 : Ian Beer of Google Project Zero\r\nCVE-2015-3697 : Ian Beer of Google Project Zero\r\nCVE-2015-3698 : Ian Beer of Google Project Zero\r\nCVE-2015-3699 : Ian Beer of Google Project Zero\r\nCVE-2015-3700 : Ian Beer of Google Project Zero\r\nCVE-2015-3701 : Ian Beer of Google Project Zero\r\nCVE-2015-3702 : KEEN Team\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities existed in libtiff, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libtiff versions\r\nprior to 4.0.4. They were addressed by updating libtiff to version\r\n4.0.4.\r\nCVE-ID\r\nCVE-2014-8127\r\nCVE-2014-8128\r\nCVE-2014-8129\r\nCVE-2014-8130\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted .tiff file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\n.tiff files. 
This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3703 : Apple\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Several issues existed in how Install.framework's\r\n'runner' setuid binary dropped privileges. This was addressed by\r\nproperly dropping privileges.\r\nCVE-ID\r\nCVE-2015-3704 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple memory corruption issues existed in\r\nIOAcceleratorFamily. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3705 : KEEN Team\r\nCVE-2015-3706 : KEEN Team\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple null pointer dereference issues existed in the\r\nFireWire driver. These issues were addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nAPIs related to kernel extensions which could have led to the\r\ndisclosure of kernel memory layout. 
This issue was addressed through\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3720 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nHFS parameters which could have led to the disclosure of kernel\r\nmemory layout. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-3721 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: kextd followed symbolic links while creating a new\r\nfile. This issue was addressed through improved handling of symbolic\r\nlinks.\r\nCVE-ID\r\nCVE-2015-3708 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A local user may be able to load unsigned kernel extensions\r\nDescription: A time-of-check time-of-use (TOCTOU) race condition\r\ncondition existed while validating the paths of kernel extensions.\r\nThis issue was addressed through improved checks to validate the path\r\nof the kernel extensions.\r\nCVE-ID\r\nCVE-2015-3709 : Ian Beer of Google Project Zero\r\n\r\nMail\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A maliciously crafted email can replace the message content\r\nwith an arbitrary webpage when the message is viewed\r\nDescription: An issue existed in the support for HTML email which\r\nallowed message content to be refreshed with an arbitrary webpage.\r\nThe issue was addressed through restricted support for HTML content.\r\nCVE-ID\r\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\r\n\r\nntfs\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory 
layout\r\nDescription: An issue existed in NTFS that could have led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nntp\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker in a privileged position may be able to perform\r\na denial of service attack against two ntp clients\r\nDescription: Multiple issues existed in the authentication of ntp\r\npackets being received by configured end-points. These issues were\r\naddressed through improved connection state management.\r\nCVE-ID\r\nCVE-2015-1798\r\nCVE-2015-1799\r\n\r\nOpenSSL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple issues exist in OpenSSL, including one that may\r\nallow an attacker to intercept connections to a server that supports\r\nexport-grade ciphers\r\nDescription: Multiple issues existed in OpenSSL 0.9.8zd which were\r\naddressed by updating OpenSSL to version 0.9.8zf.\r\nCVE-ID\r\nCVE-2015-0209\r\nCVE-2015-0286\r\nCVE-2015-0287\r\nCVE-2015-0288\r\nCVE-2015-0289\r\nCVE-2015-0293\r\n\r\nQuickTime\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3661 : G. 
Geshev working with HP's Zero Day Initiative\r\nCVE-2015-3662 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3663 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero\r\nDay Initiative\r\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\r\nLu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson\r\nof Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs\r\nCVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs\r\nCVE-2015-3713 : Apple\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: An integer overflow existed in the Security framework\r\ncode for parsing S/MIME e-mail and some other signed or encrypted\r\nobjects. This issue was addressed through improved validity checking.\r\nCVE-ID\r\nCVE-2013-1741\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Apps using custom resource rules may have been\r\nsusceptible to tampering that would not have invalidated the\r\nsignature. This issue was addressed with improved resource\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to bypass code signing\r\nchecks\r\nDescription: An issue existed where code signing did not verify\r\nlibraries loaded outside the application bundle. 
This issue was\r\naddressed with improved bundle verification.\r\nCVE-ID\r\nCVE-2015-3715 : Patrick Wardle of Synack\r\n\r\nSpotlight\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Searching for a malicious file with Spotlight may lead to\r\ncommand injection\r\nDescription: A command injection vulnerability existed in the\r\nhandling of filenames of photos added to the local photo library.\r\nThis issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-3716 : Apple\r\n\r\nSQLite\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflows existed in SQLite's printf\r\nimplementation. These issues were addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nSystem Stats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious app may be able to compromise systemstatsd\r\nDescription: A type confusion issue existed in systemstatsd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to systemstatsd, it may have been possible to\r\nexecute arbitrary code as the systemstatsd process. The issue was\r\naddressed through additional type checking.\r\nCVE-ID\r\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nTrueTypeScaler\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nzip\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Extracting a maliciously crafted zip file using the unzip\r\ntool may lead to an unexpected application termination or arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of zip files. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\n\r\nCVE-2014-8139\r\nCVE-2014-8140\r\nCVE-2014-8141\r\n\r\n\r\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7.\r\nhttps://support.apple.com/en-us/HT204950\r\n\r\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32267", "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2014-8127", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2014-8141", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2013-1741", "CVE-2014-8140", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", 
"CVE-2015-3692", "CVE-2015-3690", "CVE-2015-3673", "CVE-2014-8130", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2014-8128", "CVE-2015-3663", "CVE-2014-8129", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2014-8139", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "description": "Privilege escalation, information disclosure, multiple memory corruptions.", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:VULN:14562", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14562", "title": "Apple Mac OS X / EFI multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:49", "bulletinFamily": "info", "cvelist": ["CVE-2015-3666", "CVE-2015-3662", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3661", "CVE-2015-3664", "CVE-2015-3663", "CVE-2015-3669", "CVE-2015-3665"], "description": "### *Detect date*:\n06/30/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMemory corruption vulnerabilities were found in Apple QuickTime. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. 
These vulnerabilities can be exploited remotely via a specially designed file.\n\n### *Affected products*:\nApple QuickTime versions earlier than 7.7.7\n\n### *Solution*:\nUpdate to the latest version \n[Get Quicktime](<http://www.apple.com/support/mac-apps/quicktime/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT204947>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple QuickTime](<https://threats.kaspersky.com/en/product/Apple-QuickTime/>)\n\n### *CVE-IDS*:\n[CVE-2015-3669](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3669>)6.8High \n[CVE-2015-3667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3667>)6.8High \n[CVE-2015-3666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3666>)6.8High \n[CVE-2015-3663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3663>)6.8High \n[CVE-2015-3662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3662>)6.8High \n[CVE-2015-3665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3665>)6.8High \n[CVE-2015-3664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3664>)6.8High \n[CVE-2015-3668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3668>)6.8High \n[CVE-2015-3661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3661>)6.8High", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2015-06-30T00:00:00", "id": "KLA10621", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10621", "title": "\r KLA10621Multiple vulnerabilities in Apple QuickTime ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-02-20T20:54:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", 
"CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2014-8127", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2014-8141", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2013-1741", "CVE-2014-8140", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", "CVE-2015-3692", "CVE-2015-3690", "CVE-2015-7036", "CVE-2015-3673", "CVE-2014-8130", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2014-8128", "CVE-2015-3663", "CVE-2014-8129", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2014-8139", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2020-02-18T00:00:00", "published": "2015-07-10T00:00:00", "id": "OPENVAS:1361412562310805676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805676", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 July15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 July15\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed 
in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805676\");\n script_version(\"2020-02-18T15:18:54+0000\");\n script_cve_id(\"CVE-2015-3720\", \"CVE-2015-3718\", \"CVE-2015-3716\", \"CVE-2015-3715\",\n \"CVE-2015-3714\", \"CVE-2015-3713\", \"CVE-2015-3712\", \"CVE-2015-3711\",\n \"CVE-2015-3709\", \"CVE-2015-3708\", \"CVE-2015-3707\", \"CVE-2015-3706\",\n \"CVE-2015-3705\", \"CVE-2015-3704\", \"CVE-2015-3702\", \"CVE-2015-3701\",\n \"CVE-2015-3700\", \"CVE-2015-3699\", \"CVE-2015-3698\", \"CVE-2015-3697\",\n \"CVE-2015-3696\", \"CVE-2015-3695\", \"CVE-2015-3693\", \"CVE-2015-3692\",\n \"CVE-2015-3691\", \"CVE-2015-3694\", \"CVE-2015-3689\", \"CVE-2015-3688\",\n \"CVE-2015-3687\", \"CVE-2015-3721\", \"CVE-2015-3719\", \"CVE-2015-3717\",\n \"CVE-2015-3710\", \"CVE-2015-3703\", \"CVE-2015-3690\", \"CVE-2015-3686\",\n \"CVE-2015-3685\", \"CVE-2015-3684\", \"CVE-2015-3683\", \"CVE-2015-3682\",\n \"CVE-2015-3681\", \"CVE-2015-3680\", \"CVE-2015-3679\", \"CVE-2015-3678\",\n \"CVE-2015-3677\", \"CVE-2015-3676\", \"CVE-2015-3675\", \"CVE-2015-3674\",\n \"CVE-2015-3673\", \"CVE-2015-3672\", \"CVE-2015-3671\", \"CVE-2015-0235\",\n \"CVE-2015-0273\", \"CVE-2015-1157\", \"CVE-2015-4000\", \"CVE-2014-8127\",\n \"CVE-2014-8128\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2015-1798\",\n \"CVE-2015-1799\", \"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\",\n \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\", \"CVE-2015-3661\",\n \"CVE-2015-3662\", 
\"CVE-2015-3663\", \"CVE-2015-3666\", \"CVE-2015-3667\",\n \"CVE-2015-3668\", \"CVE-2013-1741\", \"CVE-2015-7036\", \"CVE-2014-8139\",\n \"CVE-2014-8140\", \"CVE-2014-8141\");\n script_bugtraq_id(75493, 75495, 75491);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 15:18:54 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 12:16:49 +0530 (Fri, 10 Jul 2015)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 July15\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details refer\n reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to obtain sensitive information, execute arbitrary code, bypass intended launch\n restrictions and access restrictions, cause a denial of service, write to\n arbitrary files, execute arbitrary code with system privilege.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.10.x before\n 10.10.4, 10.8.x through 10.8.5, 10.9.x through 10.9.5.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.10.4 or later or apply security update 2015-005 for 10.9.x and 10.8.x versions. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT204942\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.([89]|10)\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.([89]|10)\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif((osVer == \"10.9.5\") || (osVer == \"10.8.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n\n if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1096\"))\n {\n fix = \"Apply Security Update 2015-005\";\n osVer = osVer + \" Build \" + buildVer;\n }\n\n else if(osVer == \"10.8.5\" && version_is_less(version:buildVer, test_version:\"12F2542\"))\n {\n fix = \"Apply Security Update 2015-005\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nif(osVer =~ \"^10\\.9\")\n{\n if(version_is_less(version:osVer, test_version:\"10.9.5\")){\n fix = \"Upgrade to latest OS release 10.9.5 and apply patch from vendor\";\n }\n}\nelse if(osVer =~ \"^10\\.8\")\n{\n if(version_is_less(version:osVer, test_version:\"10.8.5\")){\n fix = \"Upgrade to latest OS release 10.8.5 and apply patch from vendor\";\n }\n}\n\nelse if(osVer =~ \"^10\\.10\")\n{\n if(version_is_less(version:osVer, test_version:\"10.10.4\")){\n fix = \"10.10.4\";\n }\n}\n\nif(fix)\n{\n report = 
report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}