Multiple Vulnerabilities in Apple iOS, Apple OS X and Apple TV

Vulnerability Summary for CVE-2014-4480
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Vulnerability Summary for CVE-2014-4481
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Vulnerability Summary for CVE-2014-4483
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

Vulnerability Summary for CVE-2014-4484
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

Vulnerability Summary for CVE-2014-4485
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Vulnerability Summary for CVE-2014-4486
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

Vulnerability Summary for CVE-2014-4487
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

Vulnerability Summary for CVE-2014-4488
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Vulnerability Summary for CVE-2014-4489
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

Vulnerability Summary for CVE-2014-4491
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

Vulnerability Summary for CVE-2014-4492
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

Vulnerability Summary for CVE-2014-4493
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

Vulnerability Summary for CVE-2014-4494
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

Vulnerability Summary for CVE-2014-4495
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

Vulnerability Summary for CVE-2014-4496
Original release date:
01/30/2015
Last revised:
01/30/2015
Source:
US-CERT/NIST

Overview
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

Vulnerability Summary for CVE-2014-4497
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

Vulnerability Summary for CVE-2014-4498
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.

Vulnerability Summary for CVE-2014-4499
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

Vulnerability Summary for CVE-2014-8816
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.

Vulnerability Summary for CVE-2014-8817
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.

Vulnerability Summary for CVE-2014-8819
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

Vulnerability Summary for CVE-2014-8820
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.

Vulnerability Summary for CVE-2014-8821
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.

Vulnerability Summary for CVE-2014-8822
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.

Vulnerability Summary for CVE-2014-8823
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

Vulnerability Summary for CVE-2014-8824
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Vulnerability Summary for CVE-2014-8825
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.

Vulnerability Summary for CVE-2014-8826
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.

Vulnerability Summary for CVE-2014-8827
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

Vulnerability Summary for CVE-2014-8828
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

Vulnerability Summary for CVE-2014-8829
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

Vulnerability Summary for CVE-2014-8830
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

Vulnerability Summary for CVE-2014-8831
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.

Vulnerability Summary for CVE-2014-8832
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.

Vulnerability Summary for CVE-2014-8833
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

Vulnerability Summary for CVE-2014-8834
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

Vulnerability Summary for CVE-2014-8835
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.

Vulnerability Summary for CVE-2014-8836
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

Vulnerability Summary for CVE-2014-8837
Original release date:
01/30/2015
Last revised:
02/02/2015
Source:
US-CERT/NIST

Overview
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

Vulnerability Summary for CVE-2014-8838
Original release date:
01/30/2015
Last revised:
01/30/2015
Source:
US-CERT/NIST

Overview
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.

Vulnerability Summary for CVE-2014-8839
Original release date:
01/30/2015
Last revised:
01/30/2015
Source:
US-CERT/NIST

Overview
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.

Vulnerability Summary for CVE-2014-8840
Original release date:
01/30/2015
Last revised:
01/30/2015
Source:
US-CERT/NIST

Overview
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.