Computer Security


Apple Mac OS X multiple security vulnerabilities
updated since 16.03.2015
Published: 21.03.2015
Source:
SecurityVulns ID: 14319
Type: library
Threat Level: 6/10
Description: Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
Affected: APPLE : MacOS X 10.10
CVE: CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.)
 CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.)
 CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.)
 CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.)
 CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.)
Original document: APPLE, APPLE-SA-2015-03-19-1 Security Update 2015-003 (21.03.2015)
 APPLE, APPLE-SA-2015-03-09-3 Security Update 2015-002 (16.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod