Mac OS X < 10.10.2 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 8644

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. Mac OS X 10.10.2 contains the following security-related fixes :

- The IOHIDFamily allows attackers to execute arbitrary code in a kernel context. (CVE-2014-8822, CVE-2014-4487)
- The LaunchServices module does not properly handle file-type metadata. This can allow an attacker to bypass the Gatekeeper protection via a crafted JAR archive. (CVE-2014-8826)
- There are unspecified vulnerabilities in the Intel Graphics driver. (CVE-2014-8819, CVE-2014-8820, CVE-2014-8821)
- There is a data leak vulnerability in the LoginWindow component. (CVE-2014-8827)
- There is a data leak vulnerability with the Spotlight Mail component. (CVE-2014-8839)
- The SceneKit component is vulnerable to a heap-based buffer overflow. (CVE-2014-8830)
- The App Store process in CommerceKit Framework is vulnerable to a local information leak. (CVE-2014-4499)
- The indexing functionality in Spotlight is vulnerable to a sensitive data leak. (CVE-2014-8832, CVE-2014-8833)
- The security_taskgate Bluetooth driver is vulnerable to an unspecified vulnerability. (CVE-2014-8831)
- The Bluetooth driver is vulnerable to a remote code execution vulnerability. (CVE-2014-8836)
- There are multiple unspecified vulnerabilities in the Bluetooth driver. (CVE-2014-8837, CVE-2014-4497)
- The UserAccountUpdater component is vulnerable to a local data leak. (CVE-2014-8834)
- There is a buffer overflow vulnerability in the xpc_data_get_bytes function in libxpc. (CVE-2014-8835)
- The SceneKit component is vulnerable to an arbitrary code execution vulnerability. (CVE-2014-8829)
- The CPU Software allows a local, physical, firmware attack. (CVE-2014-4498)
- The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller of IOUSBFamily is vulnerable to a data leak. (CVE-2014-8823)
- The kernel does not properly validate IODataQueue object metadata fields. (CVE-2014-8824)
- The kernel does not properly perform identitysvc validation. (CVE-2014-8825)
- The Coresymbolicationd component in CoreSymbolication does not verify data types. (CVE-2014-8817)
- There is an integer overflow in the CoreGraphics component which can lead to remote code execution. (CVE-2014-4481)
- There is a buffer overflow in the FontParser component which may allow remote code execution. (CVE-2014-4483)
- The FontParser does not properly validate crafted .dfont files which can lead to remote code execution. (CVE-2014-4484)
- There is a buffer overflow in the XML parser in Foundation. (CVE-2014-4485)
- The IOAcceleratorFamily does not properly handle certain types and can lead to a NULL pointer dereference. (CVE-2014-4486)
- The IOHIDFamily does not properly validate resource-queue metadata, potentially allowing remote code execution. (CVE-2014-4488)
- The IOHIDFamily fails to properly sanitize event queues. This can lead to remote code execution. (CVE-2014-4489)
- The Kernel extension API is vulnerable to a bypass of the ASLR protection mechanism. (CVE-2014-4491)
- The kernel does not enforce read-only attributes which can allow attackers to bypass access restrictions. (CVE-2014-4495)
- The libnetcore module fails to verify certain data types which can allow remote code execution in the _networkd context. (CVE-2014-4492)

Solution

Upgrade to Mac OS X 10.10.2 or later.

See Also

https://support.apple.com/en-us/HT204244

Plugin Details

Severity: Critical

ID: 8644

Published: 3/4/2015

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 1/30/2015

Vulnerability Publication Date: 1/30/2015

Reference Information

CVE: CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492, CVE-2014-4495, CVE-2014-4497, CVE-2014-4498, CVE-2014-4499, CVE-2014-8817, CVE-2014-8819, CVE-2014-8820, CVE-2014-8821, CVE-2014-8822, CVE-2014-8823, CVE-2014-8824, CVE-2014-8825, CVE-2014-8826, CVE-2014-8827, CVE-2014-8829, CVE-2014-8830, CVE-2014-8831, CVE-2014-8832, CVE-2014-8833, CVE-2014-8834, CVE-2014-8835, CVE-2014-8836, CVE-2014-8837, CVE-2014-8839

BID: 72341, 72297, 72262, 71992, 70249, 72328, 72327