CVE-2015-3680 – Apple OS X DFont FOND Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3680
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3679, CVE-2015-3681, y CVE-2015-3682. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of data fork font suitcase files. The issue lies in the parsing of the 'FOND' table. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3677 – Apple OS X LZVN DMG Information Disclosure Vulnerabillity
https://notcve.org/view.php?id=CVE-2015-3677
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La característica de compresión LZVN en AppleFSCompression en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DMG files. The issue lies in the handling of LZVN compressed streams. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3663 – Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3663
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. QT Media Foundation en Apple QuickTime anterior a 7.7.7, utilizado en OS X anterior a 10.10.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, y CVE-2015-3668. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3727 – WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3727
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente las operaciones de renombramiento en las tablas WebSQL, lo que permite a atacantes remotos acceder a la base de datos de un sitio web arbitrario a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue lies in the failure to properly utilize SQLite's authorization code. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75492 http://www.securitytracker.com/id/1032754 http://www.ubuntu.com/usn/USN-2937-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-3690 – Apple OS X GZIP DMG Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3690
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. El subsistema DiskImages en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DMG files. The issue lies in the handling of GZIP compressed streams. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •