KLA10540 Multiple vulnerability in Apple OS X

Multiple serious vulnerabilities have been found in Apple OS X. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Unsafe password storage can be exploited remotely via files manipulation;
2. Unencrypted requests sending can be exploited remotely via network manipulations;
3. Improper signatures validation can be exploited locally via a specially designed bundle;
4. Buffer overdlow can be exploited locally via a specially designed Uniform Type Identifier and other unspecified vectors;
5. Unknown vulnerabilities can be exploited locally via a specially designed .SGI file, localized strings or localization data;
6. Unknown vulnerabilities can be exploited locally via an unspecified vectors related to NVIDIA graphics, Apple Type Services, kernel and Hypervisor;
7. Use-adter-free vulnerability cab ve exloited remotely via mutex manipulations.

Original advisories

Apple advisory

Exploitation

Public exploits exist for this vulnerability.

Related products

Apple-OS-X

CVE list

CVE-2015-1140 high

CVE-2015-1139 high

CVE-2015-1145 warning

CVE-2015-1148 critical

CVE-2015-1147 critical

CVE-2015-1146 warning

CVE-2015-1138 warning

CVE-2015-1144 high

CVE-2015-1143 high

CVE-2015-1142 warning

CVE-2015-1141 warning

CVE-2015-1135 high

CVE-2015-1133 high

CVE-2015-1136 high

CVE-2015-1134 high

CVE-2015-1137 high

Solution

Update to the latest versions

Get OS X

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Apple OS X versions earlier than 10.10.3