CVE-2014-8839
https://notcve.org/view.php?id=CVE-2014-8839
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Spotlight en Apple OS X anterior a 10.10.2 no fuerza la configuración de correo 'Cargar contenido remoto en mensajes', lo que permite a atacantes remotos descubrir direcciones IP recipientes mediante la inclusión de una imagen 'inline' en un mensaje de email en HTML y la registración de solicitudes HTTP para la URL de esta imagen. • http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://securitytracker.com/id/1031521 http://support.apple.com/HT204244 http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates https://exchange.xforce.ibmcloud.com/vulnerabilities/100527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8819
https://notcve.org/view.php?id=CVE-2014-8819
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. Intel Graphics Driver en Apple OS X anterior a 10.10.2 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-8820 y CVE-2014-8821. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100500 •
CVE-2014-8836 – OS X IOKit Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2014-8836
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. El controlador Bluetooth en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (bzero de tamaño arbitrario de la memoria del kernel) a través de una aplicación manipulada. An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice. • http://code.google.com/p/google-security-research/issues/detail?id=136 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031626 https://exchange.xforce.ibmcloud.com/vulnerabilities/100490 • CWE-20: Improper Input Validation •
CVE-2014-8837
https://notcve.org/view.php?id=CVE-2014-8837
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100491 •
CVE-2014-8824
https://notcve.org/view.php?id=CVE-2014-8824
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. El kernel en Apple OS X anterior a 10.10.2 no valida correctamente los campos de metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100516 • CWE-20: Improper Input Validation •