CVE-2015-3710
https://notcve.org/view.php?id=CVE-2015-3710
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Mail en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos provocar una operación de actualización, y como consecuencia causar una visita a un sitio web arbitrario, a través de un mensaje de email HTML manipulado. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-254: 7PK - Security Features •
CVE-2015-3719
https://notcve.org/view.php?id=CVE-2015-3719
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. TrueTypeScaler en FontParser en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad diferente a CVE-2015-3694. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3721
https://notcve.org/view.php?id=CVE-2015-3721
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. El kernel en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 no maneja correctamente los parámetros HFS, lo que permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3680 – Apple OS X DFont FOND Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3680
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3679, CVE-2015-3681, y CVE-2015-3682. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of data fork font suitcase files. The issue lies in the parsing of the 'FOND' table. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3711 – Apple OS X NTFS Compression Block Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3711
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La implementación NTFS en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the handling of NTFS file systems. The issue lies in the handling of compressed blocks. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •