![]()
This issue was addressed by disallowing logging of credentials. The App Store process could log Apple ID credentials in the log when additional logging was enabled. Impact: An attacker with access to a system may be able to recover Apple ID credentialsĭescription: An issue existed in the handling of App Store logs. This issue was addressed by not loading option ROMs during updates.ĬVE-2014-4498 : Trammell Hudson of Two Sigma Investments Impact: A malicious Thunderbolt device may be able to affect firmware flashingĭescription: Thunderbolt devices could modify the host firmware if connected during an EFI update. This issue was addressed through improved bounds checking.ĬVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP ProgramĪvailable for: OS X Yosemite v10.10 and v10.10.1, for: MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), Mac Pro (Late 2013) OS X YOSEMITE 10.10.2 BOOTABLE USB PDFImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionĭescription: An integer overflow existed in the handling of PDF files. This issue was addressed through a change in caching behavior.Īvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Website cache may not be fully cleared after leaving private browsingĭescription: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. The issues were addressed through additional input validation.ĬVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze Networks The issue was addressed through additional input validation.ĬVE-2014-8836 : Ian Beer of Google Project Zeroĭescription: Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege. OS X YOSEMITE 10.10.2 BOOTABLE USB DRIVERThis issue does not affect OS X Yosemite systems.ĭescription: An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory. This issue was addressed through improved bounds checking. Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: An integer signedness error existed in IOBluetoothFamily which allowed manipulation of kernel memory. OS X YOSEMITE 10.10.2 BOOTABLE USB PATCHThese issues were addressed by updating bash to patch level 57.Īvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary codeĭescription: Multiple vulnerabilities existed in bash. This issue was addressed by removing the addresses from the result.ĬVE-2014-4426 : Craig Young of Tripwire VERTĪvailable for: OS X Yosemite v10.10 and v10.10.1 Impact: A remote attacker may be able to determine all the network addresses of the systemĭescription: The AFP file server supported a command which returned all the network addresses of the system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |