Apple OS X Multiple Vulnerabilities

ID: IRCAD2015043867
Release Date: 2015-04-09
Criticality level: Highly critical
Software:
Apple Macintosh OS X
Description:
Apple has issued a security update for Apple OS X, which fixes some security issues and some vulnerabilities.
1) An error exists when checking XPC entitlements within the Admin Framework, which can lead to a process gaining otherwise restricted administrative privileges.
2) Multiple errors exist in a bundled vulnerable version of Apache.
3) Multiple input validation errors exist in fontd within ATS, which can be exploited to execute arbitrary code with system privileges.
4) An error exists when handling redirects within CFNetwork HTTPProtocol, which can be exploited to send a cookie in a redirect response to an otherwise restricted origin.
5) An error exists when handling redirects within CFNetwork Session, which can be exploited to send HTTP headers in a redirect response to an otherwise restricted origin.
6) An input validation error exists related to URL processing within CFURL, which can be exploited to execute arbitrary code.
7) A use-after-free error exists within CoreAnimation, which can be exploited to execute arbitrary code.
8) A boundary error exists when parsing font files within FontParser, which can be exploited to execute arbitrary code via a specially crafted font file.
9) A NULL pointer dereference error exists within the NVidia Graphics Driver, which can be exploited to execute arbitrary code with system privileges.
10) An input validation error exists in the hypervisor framework within Hypervisor, which can be exploited to cause a DoS (Denial of Service) condition.
11) An error exists related to IOHIDSecurePromptClient within IOHIDFamily, which can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code with system privileges.
12) A boundary error exists within IOHIDFamily, which can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code with system privileges.
13) A NULL pointer dereference error exists within IOHIDFamily, which can be exploited to execute arbitrary code with system privileges.
14) Another error exists within IOHIDFamily, which can be exploited to execute arbitrary code with system privileges.
15) An error exists related to the mach_vm_read operation handling within Kernel, which can be exploited to cause a shutdown of a system.
16) A race condition error exists in the setreuid system call within Kernel, which can be exploited to cause a DoS condition.
17) An error exists related to setreuid and setregid system calls not dropping privileges within Kernel, which can be exploited to gain elevated privileges.
18) An error exists related to state handling when processing TCP headers within Kernel, which can be exploited to cause a DoS condition.
19) An error exists within Kernel, which can be exploited to cause an out-of-bounds memory access and subsequently disclose kernel memory or cause system termination.
20) An error exists when handling certain IPv6 packets from remote network interfaces within Kernel, which can be exploited to bypass network filters.
21) An error related to XNU HFS_GETPATH exists within Kernel, which can be exploited to cause a buffer overflow and subsequently execute arbitrary code with kernel privileges.
22) An error exists when handling TCP out-of-band data within Kernel, which can be exploited to cause a DoS condition.
23) A type confusion error exists when handling localized strings within LaunchServices, which can be exploited to execute arbitrary code with system privileges.
24) Two errors exist within a bundled vulnerable version of OpenLDAP.
25) Multiple errors exist within a bundled vulnerable version of OpenSSL.
26) Multiple errors exist within a bundled vulnerable version of PHP.
27) An error exists when handling iWork files within QuickLook, which can be exploited to corrupt memory and subsequently execute arbitrary code via a specially crafted iWork file.
28) An error exists when handling Collada files within SceneKit.
29) Some errors exist when verifying signatures of applications within Security - Code Signing, which can be exploited to launch an application that would otherwise be prevented from launching.
30) A boundary error exists when handling Uniform Type Identifiers within UniformTypeIdentifiers, which can be exploited to execute arbitrary code with system privileges.
31) An unspecified error exists within WebKit.
The vulnerabilities are reported in versions prior to 10.10.3 (please see the vendor's advisory concerning affected versions per vulnerability).
Solution:
Update to version 10.10.3 or Security Update 2015-004.
References:
APPLE-SA-2015-04-08-2:
ZDI:
Emil Kvarnhammar:
Secunia:
