CVE-2015-7044
https://notcve.org/view.php?id=CVE-2015-7044
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges. La funcionalidad System Integrity Protection en Apple OS X en versiones anteriores a 10.11.2 no maneja correctamente los montajes de unión, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada con privilegios de root. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-254: 7PK - Security Features •
CVE-2015-7052
https://notcve.org/view.php?id=CVE-2015-7052
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. kext tools en Apple OS X en versiones anteriores a 10.11.2 no maneja adecuadamente la carga de extensión del kernel, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7063
https://notcve.org/view.php?id=CVE-2015-7063
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. El cargador del kernel en EFI en Apple OS X en versiones anteriores a 10.11.2 permite a usuarios locales obtener privilegios a través de un nombre de ruta manipulado. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7047 – Apple Mac OSX / iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers
https://notcve.org/view.php?id=CVE-2015-7047
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. El kernel en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2, tvOS en versiones anteriores a 9.1 y watchOS en versiones anteriores a 2.1 permite a usuarios locales obtener privilegios a través de un mensaje mach manipulado que no analiza correctamente la gramática. The mach voucher subsystem fails to correctly handle spoofed no-more-senders messages. ipc_kobject_server will be called for mach messages sent to kernel-owned mach ports. If the msgh_id of the message can't be found in the mig_buckets hash table then this function calls ipc_kobject_notify. Note that this is the same code path which would be taken for a real no-more-senders notification message but there's nothing stopping user-space from also just sending one. • https://www.exploit-db.com/exploits/39377 https://www.exploit-db.com/exploits/39371 https://www.exploit-db.com/exploits/39374 https://www.exploit-db.com/exploits/39373 https://www.exploit-db.com/exploits/39375 http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/201 • CWE-20: Improper Input Validation •
CVE-2015-7040
https://notcve.org/view.php?id=CVE-2015-7040
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043. El kernel en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2, tvOS en versiones anteriores a 9.1 y watchOS en versiones anteriores a 2.1 permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2015-7041, CVE-2015-7042 y CVE-2015-7043. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securityfocus.com/bid/78719 http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https:// •