CVE-2014-4497
https://notcve.org/view.php?id=CVE-2014-4497
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. Error de signo de enteros en IOBluetoothFamily en la implementación Bluetooth en Apple OS X anterior a 10.10 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (escritura a la memoria del kernel) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 • CWE-189: Numeric Errors •
CVE-2014-4481
https://notcve.org/view.php?id=CVE-2014-4481
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de enteros en CoreGraphics en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 pemite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento PDF manipulado. • https://github.com/feliam/CVE-2014-4481 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-189: Numeric Errors •
CVE-2014-4483
https://notcve.org/view.php?id=CVE-2014-4483
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. Desbordamiento de buffer en FontParser en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un fichero de fuentes manipulado en un documento PDF. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4485
https://notcve.org/view.php?id=CVE-2014-4485
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Desbordamiento de buffer en el analizador sintáctico de XML en Foundation en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4491
https://notcve.org/view.php?id=CVE-2014-4491
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Las APIs de extensiónTen el kernel en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no previene la presencia de direcciones dentro de una clave OSBundleMachOHeaders en una respuesta, lo que facilita a atacantes evadir el mecanismo de protección ASLR a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •