Impact: Browsing to a folder with malformed bookmarks may cause unexpected application terminationĭescription: An input validation issue existed in parsing bookmark metadata. This was addressed by removing the affected functions.ĬVE-2014-4860 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT Impact: An attacker can exercise unused EFI functionsĭescription: An issue existed with EFI argument handling. This issue was addressed through improved memory handling.ĬVE-2015-6995 : Ian Beer of Google Project Zero
#Apple update os x el capitan code
Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved authorization checks.ĬVE-2015-6980 : Michael of Westside Community Schools Impact: A local user may be able to execute arbitrary code with root privilegesĭescription: An authentication issue existed during the establishment of new sessions. These issues were addressed through improved bounds checking.ĬVE-2015-6992 : John Villamil Yahoo Pentest TeamĪvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11ĬVE-2015-6975 : John Villamil Yahoo Pentest TeamĬVE-2015-7017 : John Villamil Yahoo Pentest TeamĪvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5ĬVE-2015-5944 : John Villamil Yahoo Pentest Team Impact: Processing a maliciously crafted font file may lead to arbitrary code executionĭescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved memory handling. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.ĭescription: Multiple memory corruption issues existed in CoreGraphics. Impact: A malicious application may be able to elevate privilegesĭescription: A heap based buffer overflow issue existed in the DNS client library. This issue was addressed through improved parsing.ĬVE-2015-7023 : Marvin Scholz and Michael Lutonsky Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC Impact: Visiting a maliciously crafted website may lead to cookies being overwrittenĭescription: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved validation of metadata.ĬVE-2015-7006 : Mark Dowd of Azimuth Security
#Apple update os x el capitan archive
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code executionĭescription: A file traversal vulnerability existed in the handling of CPIO archives. Impact: Playing a malicious audio file may lead to arbitrary code executionĭescription: Multiple memory corruption issues existed in the handling of audio files. This issue was addressed through improved memory initialization.ĬVE-2015-7003 : Mark Brand of Google Project Zero Impact: A malicious application may be able to execute arbitrary codeĭescription: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory handling.ĬVE-2015-6985 : John Villamil Yahoo Pentest Team Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code executionĭescription: A memory corruption issue existed in ATS. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. This issue was addressed through improved accessor element validation and improved object locking.ĭescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. Impact: Visiting a maliciously crafted website may lead to arbitrary code executionĭescription: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11
0 kommentar(er)
