CVE-2014-8832
https://notcve.org/view.php?id=CVE-2014-8832
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8839
https://notcve.org/view.php?id=CVE-2014-8839
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Spotlight en Apple OS X anterior a 10.10.2 no fuerza la configuración de correo 'Cargar contenido remoto en mensajes', lo que permite a atacantes remotos descubrir direcciones IP recipientes mediante la inclusión de una imagen 'inline' en un mensaje de email en HTML y la registración de solicitudes HTTP para la URL de esta imagen. • http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://securitytracker.com/id/1031521 http://support.apple.com/HT204244 http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates https://exchange.xforce.ibmcloud.com/vulnerabilities/100527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8819
https://notcve.org/view.php?id=CVE-2014-8819
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. Intel Graphics Driver en Apple OS X anterior a 10.10.2 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-8820 y CVE-2014-8821. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100500 •
CVE-2014-8836 – OS X IOKit Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2014-8836
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. El controlador Bluetooth en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (bzero de tamaño arbitrario de la memoria del kernel) a través de una aplicación manipulada. An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice. • http://code.google.com/p/google-security-research/issues/detail?id=136 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031626 https://exchange.xforce.ibmcloud.com/vulnerabilities/100490 • CWE-20: Improper Input Validation •
CVE-2014-8837
https://notcve.org/view.php?id=CVE-2014-8837
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100491 •