This issue was addressed through improved bounds checking.

CVE-2014-1372 : Ian Beer of Google Project Zero

Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization

Description: An out-of-bounds read issue existed in the handling of a system call. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.

CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

Impact: A sandboxed application may be able to circumvent sandbox restrictions

Description: An unvalidated array index issue existed in the Dock’s handling of messages from applications.

Impact: A remote attacker may be able to gain access to another user's session

Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. This issue was addressed through improved bounds checking.

CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP

Available for: OS X Mavericks 10.9 to 10.9.3

Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution

Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. The complete list of certificates may be viewed at.

Impact: Update to the certificate trust policy

Description: The certificate trust policy was updated.

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3