This issue was addressed through improved memory handling.
#MAC OS X FUSE 10.4 CODE#
Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling.ĬVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative This issue was addressed through improved bounds checking.Īvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3ĭescription: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. Impact: A malicious application may be able to determine kernel memory layoutĭescription: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code executionĭescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. This issue was addressed by enabling mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL.
Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentialsĭescription: The default Apache configuration did not include mod_hfs_apple. This issue was addressed through improved memory handling.ĬVE-2015-3674 : Dean Jerkovich of NCC Group Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code executionĭescription: A memory corruption issue existed in the AFP server. This issue was addressed by limiting the disk location that writeconfig clients may be executed from.ĬVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec Impact: An attacker may abuse Directory Utility to gain root privilegesĭescription: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed through improved error checking.ĬVE-2015-3672 : Emil Kvarnhammar at TrueSecĪvailable for: OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rightsĭescription: An issue existed in the handling of user authentication. This issue was addressed through improved entitlement checking.ĬVE-2015-3671 : Emil Kvarnhammar at TrueSec Impact: A process may gain admin privileges without proper authenticationĭescription: An issue existed when checking XPC entitlements. Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
0 kommentar(er)
