CVE-2014-4433 – Mac OS X 10.11 FTS Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-4433
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Desbordamiento de buffer basado en memoria dinámica en el kernel en Apple OS X anterior a 10.10 permite a atacantes físicamente próximos ejecutar código arbitrario a través de bifurcaciones de recurso manipuladas en un sistema de ficheros HFS. Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70620 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97634 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4430
https://notcve.org/view.php?id=CVE-2014-4430
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. CoreStorage en Apple OS X anterior a 10.10 retiene una clave de cifrado del volumen hasta la acción de expulsión en el estado de desbloqueo, lo que facilita a un atacante físicamente próximo obtener datos en claro al volver a montar la unidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70628 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97639 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVE-2014-4432
https://notcve.org/view.php?id=CVE-2014-4432
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. fdesetup en Apple OS X anterior a 10.10 no muestra correctamente el estado de cifrado entre una acción de actualización de la configuración y una acción de reinicio, lo que podría facilitar a un atacante físicamente próximo obtener datos en claro mediante el aprovechamiento de la ignorancia del requisito de reinicio. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70632 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97637 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •
CVE-2014-4435
https://notcve.org/view.php?id=CVE-2014-4435
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. La característica 'iCloud Find My Mac' en Apple OS X anterior a 10.10 no fuerza debidamente el límite de velocidad en la entrada del PIN en el modo perdido, lo que facilita a atacantes físicamente próximos obtener acceso a través de un ataque de fuerza bruta involucrando una serie de reinicios. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70638 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97636 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •
CVE-2014-4436
https://notcve.org/view.php?id=CVE-2014-4436
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. IOHIDFamily en Apple OS X anterior a 10.10 permite a atacantes causar una denegación de servicio (operación de lectura fuera de rango) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70616 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97635 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •