Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 108 of 157
CVE-2014-4398 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-
nvd
CVE-2014-4394 | MEDIUM | CVSS 6.9 | CWE-20 | v10.8.5, v10.9, +4 more | 2014-09-19
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-439
nvd
CVE-2014-1391 | MEDIUM | CVSS 6.8 | CWE-119 | v10.7.5, v10.8.5, +5 more | 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
nvd
CVE-2014-4397 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-
nvd
CVE-2014-4403 | LOW | CVSS 2.1 | CWE-200 | v10.9, v10.9.1, +3 more | 2014-09-19
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
nvd
CVE-2014-4380 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 10.0.2 | 2014-09-18
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
nvd
CVE-2014-4381 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 10.9.4 | 2014-09-18
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
nvd
CVE-2014-4405 | CRITICAL | CVSS 9.3 | ≤ 10.10.2 | 2014-09-18
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
nvd
CVE-2014-4389 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | ≤ 10.9.4 | 2014-09-18
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
nvd
CVE-2014-4375 | HIGH | CVSS 7.8 | ≤ 10.9.5 | 2014-09-18
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
nvd
CVE-2014-4404 | HIGH | CVSS 7.8 | CWE-787 | KEV | PoC | fixed in 10.10.0 | ≥ 10.10.1, < 10.10.3 | 2014-09-18
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
nvd
CVE-2014-4388 | HIGH | CVSS 7.8 | CWE-20 | ≤ 10.9.5 | 2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
nvd
CVE-2014-4379 | HIGH | CVSS 7.1 | CWE-119 | ≤ 10.9.4 | 2014-09-18
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
nvd
CVE-2014-4414 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.9.4 | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4412 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.9.4 | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4413 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.9.4 | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4373 | MEDIUM | CVSS 5.5 | ≤ 10.9.5 | 2014-09-18
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
nvd
CVE-2014-4378 | MEDIUM | CVSS 5.8 | CWE-119 | ≤ 10.9.4 | 2014-09-18
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
nvd
CVE-2014-4374 | MEDIUM | CVSS 5.0 | ≤ 10.9.4 | 2014-09-18
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2014-4411 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.9.4 | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd