Lumension® Endpoint Intelligence Center

Overview

Id LM15-0009
Name Apple Yosemite 10.10.2 Update (Combo) for Mac OS X (HT204244) (Rev 2)
Vendor Name apple
Product OSX
Content Type Critical - 01
Language(s)
Operating System(s) OSX 
Released On 27 Jan 2015 12:00:00

Url

http://support.apple.com/kb/HT204244

Description

The OS X Yosemite 10.10.2 update is recommended for all Yosemite users. It improves the stability and compatibility of your Mac.

Yosemite 10.10.2 addresses the following security issues:

  • CVE-2014-6277, CVE-2014-7186, CVE-2014-7187: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary code
  • CVE-2014-4460: Website cache may not be fully cleared after leaving private browsing
  • CVE-2014-4483, CVE-2014-4481: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-4498: A malicious Thunderbolt device may be able to affect firmware flashing
  • CVE-2014-4499: An attacker with access to a system may be able to recover Apple ID credentials
  • CVE-2014-1595: Some third-party applications with non-secure text entry and mouse events may log those events
  • CVE-2014-4484: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-4485: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-8819, CVE-2014-8820, CVE-2014-8821: Multiple vulnerabilities in Intel graphics driver
  • CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4389, CVE-2014-4495, CVE-2014-8824, CVE-2014-4461, CVE-2014-8836, CVE-2014-8837, CVE-2014-8817, CVE-2014-4489: A malicious application may be able to execute arbitrary code with system privileges
  • CVE-2014-8822: Executing a malicious application may result in arbitrary code execution within the kernel
  • CVE-2014-8823: A privileged application may be able to read arbitrary data from kernel memory
  • CVE-2014-8825: A local attacker can spoof directory service responses to the kernel, elevate privileges, or gain kernel execution
  • CVE-2014-4371, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421: A local user may be able to determine kernel memory layout
  • CVE-2014-4491: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
  • CVE-2014-8826: A malicious JAR file may bypass Gatekeeper checks
  • CVE-2014-4492: A malicious, sandboxed app can compromise the networkd daemon
  • CVE-2014-8827: A Mac may not lock immediately upon wake
  • CVE-2014-8517: Using the command line ftp tool to fetch files from a malicious HTTP server may lead to arbitrary code execution
  • CVE-2014-3566, CVE-2014-3567, CVE-2014-3568: Multiple vulnerabilities in OpenSSL 0.9.8za, including one that may allow an attacker to downgrade connections to use weaker cipher-suites in applications using the library
  • CVE-2014-8830: Viewing a maliciously crafted Collada file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-8838: A downloaded application signed with a revoked Developer ID certificate may pass Gatekeeper checks
  • CVE-2014-8831: An app may access keychain items belonging to other apps

More details can be found on the more info URL.

Revision Information

Revision 2: Modified based on re-release by Apple. The installer package has been updated to correct an issue where the update may fail to install on OS X 10.10.1.

Related Resources

Related Vulnerabilities

CVE-2014-1595   CVE-2014-3192   CVE-2014-3566   CVE-2014-3567   CVE-2014-3568   CVE-2014-4371   CVE-2014-4389   CVE-2014-4419   CVE-2014-4420   CVE-2014-4421   CVE-2014-4460   CVE-2014-4461   CVE-2014-4476   CVE-2014-4477   CVE-2014-4479   CVE-2014-4481   CVE-2014-4483   CVE-2014-4484   CVE-2014-4485   CVE-2014-4486   CVE-2014-4487   CVE-2014-4488   CVE-2014-4489   CVE-2014-4491   CVE-2014-4492   CVE-2014-4495   CVE-2014-4498   CVE-2014-4499   CVE-2014-6277   CVE-2014-7186   CVE-2014-7187   CVE-2014-8517   CVE-2014-8817   CVE-2014-8819   CVE-2014-8820   CVE-2014-8821   CVE-2014-8822   CVE-2014-8823   CVE-2014-8824   CVE-2014-8825   CVE-2014-8826   CVE-2014-8827   CVE-2014-8830   CVE-2014-8831   CVE-2014-8832   CVE-2014-8833   CVE-2014-8834   CVE-2014-8835   CVE-2014-8836   CVE-2014-8837   CVE-2014-8838   CVE-2014-8839

Related Patches

Superseded Patches

None

Last Updated: 27 May 2016 11:21:26