OS X

CVEs (535)

• CVE-2015-1067Mar 11, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.05

  Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…

• CVE-2014-8839Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's…

• CVE-2014-8838Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.

• CVE-2014-8837Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.02

  Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

• CVE-2014-8836Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

• CVE-2014-8834Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

• CVE-2014-8833Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

• CVE-2014-8832Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.

• CVE-2014-8831Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.

• CVE-2014-8830Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.04

  Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

• CVE-2014-8829Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

• CVE-2014-8828Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

• CVE-2014-8827Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

• CVE-2014-8825Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.

• CVE-2014-8824Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

• CVE-2014-8823Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

• CVE-2014-8822Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.

• CVE-2014-8821Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.

• CVE-2014-8819Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

• CVE-2014-8817Jan 30, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of…