Apple patches 45 security vulnerabilities in OS X Yosemite, Mavericks and Mountain Lion
Apple has fixed a number of security vulnerabilities in several versions of OS X by releasing updates for them.
Apple has updated the three most recent versions of OS X for Mac computers, fixing as many as 45 security vulnerabilities of varying severity that malicious hackers could have exploited to cause trouble for Mac users.
Apple delivered the security updates for OS X Yosemite users together with the OS X 10.10.4 update, while users can download the security fixes for OS X Mavericks and OS X Mountain Lion as separate updates for those versions.
List of security vulnerabilities fixed in the OS X 10.10.4 Yosemite update and the 2015-005 updates for Mavericks and Mountain Lion:
-
Admin Framework
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper authentication
Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking.
CVE-ID
CVE-2015-3671 : Emil Kvarnhammar at TrueSec
-
Admin Framework
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A non-admin user may obtain admin rights
Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking.
CVE-ID
CVE-2015-3672 : Emil Kvarnhammar at TrueSec
-
Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker may abuse Directory Utility to gain root privileges
Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from.
CVE-ID
CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
-
afpserver
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3674 : Dean Jerkovich of NCC Group
-
apache
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials
Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple.
CVE-ID
CVE-2015-3675 : Apple
-
apache
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40.
CVE-ID
CVE-2015-0235
CVE-2015-0273
-
AppleGraphicsControl
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-3676 : Chen Liang of KEEN Team
-
AppleFSCompression
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative
-
AppleThunderboltEDMService
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3678 : Apple
-
ATS
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative
CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative
CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3682 : 魏诺德
-
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks
-
Certificate Trust Policy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: An attacker with a privileged network position may be able to intercept network traffic
Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. You can learn more about the security partial trust allow list.
-
Certificate Trust Policy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at the OS X Trust Store.
-
CFNetwork HTTPAuthentication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Following a maliciously crafted URL may lead to arbitrary code execution
Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3684 : Apple
-
CoreText
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-1157
CVE-2015-3685 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3689 : Apple
-
coreTLS
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
CVE-ID
CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
-
DiskImages
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
-
Display Drivers
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface.
CVE-ID
CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks
-
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application with root privileges may be able to modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking.
CVE-ID
CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaça
-
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may induce memory corruption to escalate privileges
Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates.
CVE-ID
CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
-
FontParser
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
-
Graphics Driver
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-3712 : Ian Beer of Google Project Zero
-
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges
Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks.
CVE-ID
CVE-2015-3695 : Ian Beer of Google Project Zero
CVE-2015-3696 : Ian Beer of Google Project Zero
CVE-2015-3697 : Ian Beer of Google Project Zero
CVE-2015-3698 : Ian Beer of Google Project Zero
CVE-2015-3699 : Ian Beer of Google Project Zero
CVE-2015-3700 : Ian Beer of Google Project Zero
CVE-2015-3701 : Ian Beer of Google Project Zero
CVE-2015-3702 : KEEN Team
-
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4.
CVE-ID
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130
-
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-3703 : Apple
-
Install Framework Legacy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges.
CVE-ID
CVE-2015-3704 : Ian Beer of Google Project Zero
-
IOAcceleratorFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3705 : KEEN Team
CVE-2015-3706 : KEEN Team
-
IOFireWireFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking.
CVE-ID
CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks
-
Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-3720 : Stefan Esser
-
Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-3721 : Ian Beer of Google Project Zero
-
kext tools
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links.
CVE-ID
CVE-2015-3708 : Ian Beer of Google Project Zero
-
kext tools
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A local user may be able to load unsigned kernel extensions
Description: A time-of-check time-of-use (TOCTOU) race condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions.
CVE-ID
CVE-2015-3709 : Ian Beer of Google Project Zero
-
Mail
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed
Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content.
CVE-ID
CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Souček
-
ntfs
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
-
ntp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients
Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management.
CVE-ID
CVE-2015-1798
CVE-2015-1799
-
OpenSSL
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers
Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf.
CVE-ID
CVE-2015-0209
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
CVE-2015-0293
-
QuickTime
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative
CVE-2015-3662 : kdot working with HP's Zero Day Initiative
CVE-2015-3663 : kdot working with HP's Zero Day Initiative
CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative
CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs
CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs
CVE-2015-3713 : Apple
-
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking.
CVE-ID
CVE-2013-1741
-
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Tampered applications may not be prevented from launching
Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation.
CVE-ID
CVE-2015-3714 : Joshua Pitts of Leviathan Security Group
-
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to bypass code signing checks
Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification.
CVE-ID
CVE-2015-3715 : Patrick Wardle of Synack
-
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
Impact: Searching for a malicious file with Spotlight may lead to command injection
Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-3716 : Apple
-
SQLite
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
-
System Stats
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious app may be able to compromise systemstatsd
Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking.
CVE-ID
CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks
-
TrueTypeScaler
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
-
zip
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
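The two kext tools entries above (CVE-2015-3708 and CVE-2015-3709) describe symlink following during file creation and a check-then-use race on paths. The following is an added C example of the usual defensive patterns for both, not code from Apple or from the original article; the function names, the ownership and permission policy, and the temp-directory demo are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp, symlink, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern: without O_EXCL, open() follows a symlink already present at
 * `path` and truncates whatever file it points to. */
int create_following_links(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened creation: O_CREAT|O_EXCL fails with EEXIST if anything, including
 * a symlink, already exists at the final path component. */
int create_new_file(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Race-free validation: open first, then fstat() the descriptor, so the object
 * that was checked is the object that gets used. O_NOFOLLOW covers only the
 * last component; the parent directories must be trusted as well. */
int open_validated(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo in a private temp directory. Result bits: 1 hardened create
 * refused the link, 2 target left intact, 4 validated open accepted the real
 * file, 8 it rejected the link, 16 it rejected a world-writable file,
 * 32 the risky create emptied the link's target. */
int demo(void) {
    char dir[] = "/tmp/symdemoXXXXXX", target[64], out[64];
    struct stat st;
    int fd, r = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(out, sizeof out, "%s/out", dir);
    fd = open(target, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(target, out) != 0) return -1; /* link sits at the output path */

    if (create_new_file(out) < 0) r |= 1;
    if (stat(target, &st) == 0 && st.st_size == 9) r |= 2;
    if ((fd = open_validated(target, geteuid())) >= 0) { r |= 4; close(fd); }
    if (open_validated(out, geteuid()) < 0) r |= 8;
    if (chmod(target, 0666) == 0 && open_validated(target, geteuid()) < 0) r |= 16;
    if ((fd = create_following_links(out)) >= 0) close(fd);
    if (stat(target, &st) == 0 && st.st_size == 0) r |= 32;

    unlink(out); unlink(target); rmdir(dir);
    return r;
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```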
List of Safari security vulnerabilities fixed in the OS X 10.10.4 Yosemite update and the 2015-005 updates for Mavericks and Mountain Lion:
Safari 8.0.7, Safari 7.1.7 and Safari 6.2.7
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL databases of other websites
Description: An issue existed in the authorization checks for renaming WebSQL tables. This could have allowed a maliciously crafted website to access databases belonging to other websites. The issue was addressed with improved authorization checks.
CVE-ID
CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative
WebKit Page Loading
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted website may lead to account takeover
Description: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. This issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-3658 : Brad Hill of Facebook
WebKit PDF
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: Clicking a maliciously crafted link in a PDF embedded in a webpage may lead to cookie theft or user information leakage
Description: An issue existed with PDF-embedded links which could execute JavaScript in a hosting webpage's context. This issue was addressed by restricting the support for JavaScript links.
CVE-ID
CVE-2015-3660 : Apple
WebKit Storage
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution
Description: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks.
CVE-ID
CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative
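For the coreTLS entry in the OS X list above (CVE-2015-4000, Logjam): an added C example of a client-side minimum-size check on the server's ephemeral DH prime, using the 768-bit floor named in that entry. It is not Apple's coreTLS code or code from the original article; the function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_DH_BITS 768        /* minimum named in the coreTLS entry */
static uint8_t sample[1024];   /* scratch buffer for the constructed samples */

/* Read one TLS vector (2-byte big-endian length, then data), advancing *pos.
 * Returns 0 on success, -1 if the vector is empty or runs past the buffer. */
static int read_vec16(const uint8_t *buf, size_t len, size_t *pos,
                      const uint8_t **data, size_t *dlen) {
    if (len - *pos < 2) return -1;
    size_t n = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
    *pos += 2;
    if (n == 0 || n > len - *pos) return -1;
    *data = buf + *pos; *dlen = n;
    *pos += n;
    return 0;
}

/* Bits in a big-endian integer, ignoring leading zero bytes and bits, so a
 * zero-padded 512-bit prime is still reported as 512 bits. */
static int bit_length(const uint8_t *d, size_t n) {
    while (n > 0 && *d == 0) { d++; n--; }
    if (n == 0) return 0;
    int bits = (int)(n * 8);
    for (unsigned top = *d; !(top & 0x80u); top <<= 1) bits--;
    return bits;
}

/* Parse ServerDHParams (dh_p, dh_g, dh_Ys). Returns the size of p in bits, or
 * -1 if the message is malformed or g or Ys is 0 or 1. */
int dh_prime_bits(const uint8_t *msg, size_t len) {
    const uint8_t *p, *g, *ys;
    size_t pl, gl, yl, pos = 0;
    if (read_vec16(msg, len, &pos, &p, &pl) ||
        read_vec16(msg, len, &pos, &g, &gl) ||
        read_vec16(msg, len, &pos, &ys, &yl))
        return -1;
    if (bit_length(g, gl) < 2 || bit_length(ys, yl) < 2) return -1;
    return bit_length(p, pl);
}

/* Client-side policy: 1 = continue the handshake, 0 = abort it. */
int dh_params_acceptable(const uint8_t *msg, size_t len) {
    return dh_prime_bits(msg, len) >= MIN_DH_BITS;
}

/* Fill `sample` with constructed parameters: p is `pad` zero bytes followed by
 * `p_bytes` filler bytes (top bit set), g = 2, Ys is filler. `cut` trailing
 * bytes are dropped to mimic truncation. Fillers are not real primes. */
size_t build_sample(size_t p_bytes, size_t pad, size_t cut) {
    size_t pos = 0, plen = p_bytes + pad;
    sample[pos++] = (uint8_t)(plen >> 8); sample[pos++] = (uint8_t)plen;
    memset(sample + pos, 0, pad); pos += pad;
    memset(sample + pos, 0xC3, p_bytes); pos += p_bytes;
    sample[pos++] = 0; sample[pos++] = 1; sample[pos++] = 2;
    sample[pos++] = (uint8_t)(p_bytes >> 8); sample[pos++] = (uint8_t)p_bytes;
    memset(sample + pos, 0x5A, p_bytes); pos += p_bytes;
    return pos - cut;
}

int main(void) {
    printf("512-bit p: %d\n", dh_params_acceptable(sample, build_sample(64, 0, 0)));
    printf("768-bit p: %d\n", dh_params_acceptable(sample, build_sample(96, 0, 0)));
    return 0;
}
```

The third sample shape, a 512-bit value zero-padded to 96 bytes, is the case a byte-length comparison would wrongly accept.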