Created March 9, 2015 20:46
APPLE-SA-2015-03-09-3 Security Update 2015-002

iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure

IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An off by one issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1066 : Ian Beer of Google Project Zero

IOSurface
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team

Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
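
Added example (not Apple's code and not part of the advisory): a simplified C model of the client-side check behind the Secure Transport entry, contrasting a validator that uses an ephemeral RSA key on a full-strength RSA suite with one that ties ServerKeyExchange to the negotiated key exchange and never accepts ephemeral RSA. All type and function names are hypothetical, and the sample handshakes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; all names are hypothetical, not Secure Transport's. */
typedef enum { KX_RSA, KX_RSA_EXPORT, KX_DHE_RSA, KX_ECDHE_RSA } kx_t;
typedef enum { SKE_NONE, SKE_EPHEMERAL_RSA, SKE_DH, SKE_ECDH } ske_t;

typedef struct {
    kx_t negotiated;   /* key exchange of the suite chosen in ServerHello */
    ske_t ske;         /* what ServerKeyExchange carried, if it was sent */
    unsigned rsa_bits; /* modulus size when ske == SKE_EPHEMERAL_RSA */
} handshake_t;

/* Flawed: decides from the message received, so an ephemeral RSA key is
 * used even when the negotiated suite is full-strength RSA. */
bool accept_lenient(const handshake_t *h) {
    switch (h->ske) {
    case SKE_NONE:          return h->negotiated == KX_RSA;
    case SKE_EPHEMERAL_RSA: return h->negotiated == KX_RSA || h->negotiated == KX_RSA_EXPORT;
    case SKE_DH:            return h->negotiated == KX_DHE_RSA;
    case SKE_ECDH:          return h->negotiated == KX_ECDHE_RSA;
    }
    return false;
}

/* Hardened: decides from the negotiated suite; ephemeral RSA is never accepted. */
bool accept_strict(const handshake_t *h) {
    switch (h->negotiated) {
    case KX_RSA:        return h->ske == SKE_NONE;
    case KX_DHE_RSA:    return h->ske == SKE_DH;
    case KX_ECDHE_RSA:  return h->ske == SKE_ECDH;
    case KX_RSA_EXPORT: return false; /* export suites are not supported */
    }
    return false;
}

/* Constructed sample handshakes. */
static const handshake_t SAMPLES[] = {
    { KX_RSA, SKE_NONE, 0 },       { KX_RSA, SKE_EPHEMERAL_RSA, 512 },
    { KX_ECDHE_RSA, SKE_ECDH, 0 }, { KX_RSA_EXPORT, SKE_EPHEMERAL_RSA, 512 },
};

/* Number of handshakes the lenient check accepts but the strict one rejects. */
size_t count_newly_rejected(const handshake_t *hs, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (accept_lenient(&hs[i]) && !accept_strict(&hs[i])) c++;
    return c;
}

int main(void) {
    printf("newly rejected: %zu\n", count_newly_rejected(SAMPLES, sizeof SAMPLES / sizeof SAMPLES[0]));
    return 0;
}
```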