Lumension® Endpoint Intelligence Center


Overview

Id Apple 2015-001
Name Apple 2015-001 Security Update for Mac OS X 10.9.5 (HT204244)
Vendor Name apple
Product OSX
Content Type Critical
Language(s)
Operating System(s) OSX 
Released On 27 Jan 2015 12:00:00

Url

http://support.apple.com/kb/HT204244

Description

OS X Mavericks (version 10.9) is the tenth major release of OS X, Apple Inc.'s desktop and server operating system for Macintosh computers.

Security Update 2015-001 addresses the following security issues:

  • CVE-2014-4426: A remote attacker may be able to determine all the network addresses of the system
  • CVE-2014-4481, CVE-2014-8816, CVE-2014-4483: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-4484: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-4485: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-8819, CVE-2014-8820, CVE-2014-8821: Multiple vulnerabilities in Intel graphics driver
  • CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4497, CVE-2014-8817, CVE-2014-4495, CVE-2014-8824, CVE-2014-4461, CVE-2014-4489: A malicious application may be able to execute arbitrary code with system privileges
  • CVE-2014-8822: Executing a malicious application may result in arbitrary code execution within the kernel
  • CVE-2011-2391: A person with a privileged network position may cause a denial of service
  • CVE-2014-4491: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
  • CVE-2014-8826: A malicious JAR file may bypass Gatekeeper checks
  • CVE-2014-4492: A malicious, sandboxed app can compromise the networkd daemon
  • CVE-2014-8827: A Mac may not lock immediately upon wake
  • CVE-2014-8517: Using the command line ftp tool to fetch files from a malicious HTTP server may lead to arbitrary code execution
  • CVE-2014-3566, CVE-2014-3567, CVE-2014-3568: Multiple vulnerabilities in OpenSSL 0.9.8za, including one that may allow an attacker to downgrade connections to use weaker cipher-suites in applications using the library
  • CVE-2014-8828: A sandboxed process may be able to circumvent sandbox restrictions
  • CVE-2014-8829: A malicious application could execute arbitrary code leading to compromise of user information
  • CVE-2014-8830: Viewing a maliciously crafted Collada file may lead to an unexpected application termination or arbitrary code execution
  • CVE-2014-8838: A downloaded application signed with a revoked Developer ID certificate may pass Gatekeeper checks
  • CVE-2014-8831: An app may access keychain items belonging to other apps
  • CVE-2014-8832: Spotlight may save unexpected information to an external hard drive
  • CVE-2014-8835: A malicious application may be able to execute arbitrary code with root privileges

Related Resources

Related Vulnerabilities

CVE-2011-2391, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-4426, CVE-2014-4461, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492, CVE-2014-4495, CVE-2014-4497, CVE-2014-8517, CVE-2014-8816, CVE-2014-8817, CVE-2014-8819, CVE-2014-8820, CVE-2014-8821, CVE-2014-8822, CVE-2014-8824, CVE-2014-8826, CVE-2014-8827, CVE-2014-8828, CVE-2014-8829, CVE-2014-8830, CVE-2014-8831, CVE-2014-8832, CVE-2014-8835, CVE-2014-8838

Related Patches

Superseded Patches

Last Updated: 27 May 2016 11:21:33