OS X

CVEs (534)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2014-4498	Apple Inc. Mac Os X	—	0.00	Jan 30, 2015	The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
CVE-2014-4497	Apple Inc. Mac Os X	—	0.01	Jan 30, 2015	Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
CVE-2014-4495	Apple Inc. Mac Os X	—	0.01	Jan 30, 2015	The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
CVE-2014-4491	Apple Inc. Mac Os X	—	0.01	Jan 30, 2015	The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…
CVE-2014-4489	Apple Inc. Mac Os X	—	0.01	Jan 30, 2015	IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…
CVE-2014-4488	Apple Inc. Mac Os X	—	0.02	Jan 30, 2015	IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-4487	Apple Inc. Mac Os X	—	0.02	Jan 30, 2015	Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-4486	Apple Inc. Mac Os X	—	0.01	Jan 30, 2015	IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference)…
CVE-2014-4485	Apple Inc. Mac Os X	—	0.03	Jan 30, 2015	Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
CVE-2014-4484	Apple Inc. Mac Os X	—	0.03	Jan 30, 2015	FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
CVE-2014-4483	Apple Inc. Mac Os X	—	0.02	Jan 30, 2015	Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4460	Apple Inc. Mac Os X	—	0.00	Nov 18, 2014	CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
CVE-2014-4459	Apple Inc. Mac Os X	—	0.04	Nov 18, 2014	Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
CVE-2014-4458	Apple Inc. Mac Os X	—	0.01	Nov 18, 2014	The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4453	Apple Inc. Mac Os X	—	0.01	Nov 18, 2014	Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4444	Apple Inc. Mac Os X	—	0.00	Oct 18, 2014	SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
CVE-2014-4443	Apple Inc. Mac Os X	—	0.01	Oct 18, 2014	Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
CVE-2014-4442	Apple Inc. Mac Os X	—	0.00	Oct 18, 2014	The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
CVE-2014-4441	Apple Inc. Mac Os X	—	0.01	Oct 18, 2014	NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
CVE-2014-4440	Apple Inc. Mac Os X	—	0.01	Oct 18, 2014	The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended…

CVE-2014-4498Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
CVE-2014-4497Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
CVE-2014-4495Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
CVE-2014-4491Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…
CVE-2014-4489Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…
CVE-2014-4488Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-4487Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-4486Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference)…
CVE-2014-4485Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
CVE-2014-4484Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
CVE-2014-4483Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4460Nov 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
CVE-2014-4459Nov 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.04
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
CVE-2014-4458Nov 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4453Nov 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4444Oct 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
CVE-2014-4443Oct 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.
CVE-2014-4442Oct 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
CVE-2014-4441Oct 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.
CVE-2014-4440Oct 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended…

Page 24 of 27