Apple macOS vulnerabilities

CVE-2014-3707 [MEDIUM] CWE-200 CVE-2014-3707: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COP The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

CVE-2014-3660 [MEDIUM] CVE-2014-3660: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substit parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

CVE-2014-4433 [HIGH] CWE-119 CVE-2014-4433: Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate atta Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.

CVE-2014-4443 [HIGH] CWE-20 CVE-2014-4443: Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereferen Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.

CVE-2014-4427 [HIGH] CWE-264 CVE-2014-4427: App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

CVE-2014-4432 [MEDIUM] CWE-310 CVE-2014-4432: fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a set fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

CVE-2014-4437 [MEDIUM] CWE-264 CVE-2014-4437: LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions v LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.

CVE-2014-4434 [MEDIUM] CWE-20 CVE-2014-4434: The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of ser The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.

CVE-2014-4428 [MEDIUM] CWE-310 CVE-2014-4428: Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which a Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.

CVE-2014-4426 [MEDIUM] CWE-200 CVE-2014-4426: AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

CVE-2014-4425 [MEDIUM] CWE-287 CVE-2014-4425: CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

CVE-2014-4442 [MEDIUM] CWE-20 CVE-2014-4442: The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.

CVE-2014-4436 [MEDIUM] CWE-119 CVE-2014-4436: IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds re IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.

CVE-2014-4417 [MEDIUM] CWE-20 CVE-2014-4417: Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Pu Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

CVE-2014-4351 [MEDIUM] CWE-119 CVE-2014-4351: Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.

CVE-2014-4391 [MEDIUM] CWE-310 CVE-2014-4391: The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource env The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.

CVE-2014-4444 [MEDIUM] CWE-287 CVE-2014-4444: SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.

CVE-2014-4435 [MEDIUM] CWE-287 CVE-2014-4435: The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.

CVE-2014-4430 [MEDIUM] CWE-310 CVE-2014-4430: CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in th CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

CVE-2014-4441 [MEDIUM] CWE-264 CVE-2014-4441: NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.