CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 4CVE-2014-8835 – Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8835
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. La función xpc_data_get_bytes en libxpc en Apple OS X anterior a 10.10.2 no verifica que la clave de atributos de un diccionario tiene el tipo de datos xpc_data, lo que permite a atacantes ejecutar código arbitrario mediante la entrga de un diccionario manipulado a sysmond, relacionado con un problema de 'confusión de tipos de XPC'. OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond. • https://www.exploit-db.com/exploits/35742 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/135701/OS-X-Sysmond-XPC-Type-Confusion-Privilege-Escalation.html http://support.apple.com/HT204244 http://www.exploit-db.com/exploits/35742 http://www.securityfocus.com/bid/71992 http://www.securitytracker.com/id/1031650 https://code.google.com/p/google-security-research/issues/detail?id=121 https://exchange.xforce.ibmcloud.com/vulnerabilitie • CWE-19: Data Processing Errors •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4CVE-2014-8826 – Apple Mac OSX < 10.10.x - GateKeeper Bypass
https://notcve.org/view.php?id=CVE-2014-8826
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. LaunchServices en Apple OS X anterior a 10.10.2 no maneja correctamente los metadatos de tipos de ficheros, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper a través de un archive JAR manipulado. A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine. • https://www.exploit-db.com/exploits/35934 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/130147/OS-X-Gatekeeper-Bypass.html http://seclists.org/fulldisclosure/2015/Jan/109 http://support.apple.com/HT204244 http://www.exploit-db.com/exploits/35934 http://www.osvdb.org/117659 http://www.securityfocus.com/archive/1/534567/100/0/threaded http://www.securityfocus.com/bid/72341 http://www.securitytracker.com/id/1031650& • CWE-19: Data Processing Errors •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4499
https://notcve.org/view.php?id=CVE-2014-4499
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. El proceso App Store en CommerceKit Framework en Apple OS X anterior a 10.10.2 coloca las credenciales de identificación de Apple en los registros de App Store, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4498
https://notcve.org/view.php?id=CVE-2014-4498
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. El Software de la CPU en Apple OS X anterior a 10.10.2 permite a atacantes físicamente próximos modificar firmware durante el proceso de actualización EFI mediante la inserción de un dispositivo Thunderbolt con código manipulado en un ROM Option, también conocido como el problema 'Thunderstrike'. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://trmm.net/Thunderstrike • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4497
https://notcve.org/view.php?id=CVE-2014-4497
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. Error de signo de enteros en IOBluetoothFamily en la implementación Bluetooth en Apple OS X anterior a 10.10 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (escritura a la memoria del kernel) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 • CWE-189: Numeric Errors •