About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004

This document describes the security content of OS X Mavericks v10.9.5 and Security Update 2014-004.

This update can be downloaded and installed using Software Update or from the Apple Support website.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

Note: OS X Mavericks v10.9.5 includes the security content of Safari 7.0.6.

OS X Mavericks v10.9.5 and Security Update 2014-004

  • apache_mod_php

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: Multiple vulnerabilities in PHP 5.4.24

    Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30.

    CVE-ID

    CVE-2013-7345

    CVE-2014-0185

    CVE-2014-0207

    CVE-2014-0237

    CVE-2014-0238

    CVE-2014-1943

    CVE-2014-2270

    CVE-2014-3478

    CVE-2014-3479

    CVE-2014-3480

    CVE-2014-3487

    CVE-2014-3515

    CVE-2014-3981

    CVE-2014-4049

  • Bluetooth

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4390 : Ian Beer of Google Project Zero

  • CoreGraphics

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure

    Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

  • CoreGraphics

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

  • Foundation

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: An application using NSXMLParser may be misused to disclose information

    Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.

    CVE-ID

    CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

  • Intel Graphics Driver

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution

    Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4393 : Apple

  • Intel Graphics Driver

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4394 : Ian Beer of Google Project Zero

    CVE-2014-4395 : Ian Beer of Google Project Zero

    CVE-2014-4396 : Ian Beer of Google Project Zero

    CVE-2014-4397 : Ian Beer of Google Project Zero

    CVE-2014-4398 : Ian Beer of Google Project Zero

    CVE-2014-4399 : Ian Beer of Google Project Zero

    CVE-2014-4400 : Ian Beer of Google Project Zero

    CVE-2014-4401 : Ian Beer of Google Project Zero

    CVE-2014-4416 : Ian Beer of Google Project Zero

  • IOAcceleratorFamily

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments.

    CVE-ID

    CVE-2014-4376 : Ian Beer of Google Project Zero

  • IOAcceleratorFamily

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4402 : Ian Beer of Google Project Zero

  • IOHIDFamily

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization

    Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4379 : Ian Beer of Google Project Zero

  • IOKit

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.

    CVE-ID

    CVE-2014-4388 : @PanguTeam

  • IOKit

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4389 : Ian Beer of Google Project Zero

  • Kernel

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization

    Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses.

    CVE-ID

    CVE-2014-4403 : Ian Beer of Google Project Zero

  • Libnotify

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: A malicious application may be able to execute arbitrary code with root privileges

    Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4381 : Ian Beer of Google Project Zero

  • OpenSSL

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution

    Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This issue was addressed by updating OpenSSL to version 0.9.8za.

    CVE-ID

    CVE-2014-0076

    CVE-2014-0195

    CVE-2014-0221

    CVE-2014-0224

    CVE-2014-3470

  • QT Media Foundation

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

  • QT Media Foundation

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative

  • QT Media Foundation

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4

    Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

  • ruby

    Available for: OS X Mavericks v10.9 to v10.9.4

    Impact: A remote attacker may be able to cause arbitrary code execution

    Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issue by updating LibYAML to version 0.1.6.

    CVE-ID

    CVE-2014-2525
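Several entries above fix an issue by bumping a bundled component to a named version (PHP 5.4.30, OpenSSL 0.9.8za, LibYAML 0.1.6) or by shipping OS X Mavericks v10.9.5. The following is an added example, not Apple's code or part of this advisory, that audits a host's reported versions against those fixed versions. The inventory dictionary and the `SAMPLE_HOST` values are constructed for illustration; on a real machine the strings would come from `sw_vers -productVersion`, `php -v` and `openssl version`. The OpenSSL 0.9.8 line uses letter suffixes (y, z, za), so a plain numeric comparison is not enough; the comparison below orders suffixes by length and then alphabetically.

```python
import re

# Fixed versions as stated in this advisory (table constructed from the page text).
FIXED_VERSIONS = {
    "OS X": "10.9.5",
    "PHP": "5.4.30",
    "OpenSSL": "0.9.8za",
    "LibYAML": "0.1.6",
}

_VERSION_RE = re.compile(r"\d+(?:\.\d+)+[a-z]*")


def extract_version(text):
    """Pull the first dotted version token out of tool output such as
    'OpenSSL 0.9.8za 5 Jun 2014' or 'PHP 5.4.30 (cli) (built: ...)'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version token found in {text!r}")
    return m.group(0)


def parse_version(v):
    """Split '0.9.8za' into ((0, 9, 8), 'za'). The letter suffix is how the
    OpenSSL 0.9.8 branch numbers its releases (y < z < za < zb ...)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    return nums, m.group(2)


def version_key(v):
    """Sortable key: numeric components padded to four places so that
    '10.9' compares as 10.9.0.0, then the suffix ordered by (length, text)
    so that 'z' < 'za'. No suffix sorts below any suffix."""
    nums, suffix = parse_version(v)
    padded = nums + (0,) * max(0, 4 - len(nums))
    return padded, (len(suffix), suffix)


def is_patched(component, installed):
    """True when the installed version is at or above the fixed version."""
    return version_key(installed) >= version_key(FIXED_VERSIONS[component])


def audit(inventory):
    """inventory: {component: installed_version}. Returns the subset of
    components that are still below the version this advisory names."""
    return {c: v for c, v in inventory.items() if not is_patched(c, v)}


# Constructed sample inventory resembling a Mavericks host that has not
# installed v10.9.5 (the pre-update PHP and OpenSSL versions are the ones
# the advisory names; the LibYAML value is invented for the example).
SAMPLE_HOST = {
    "OS X": "10.9.4",
    "PHP": "5.4.24",
    "OpenSSL": "0.9.8y",
    "LibYAML": "0.1.4",
}

if __name__ == "__main__":
    for component, version in audit(SAMPLE_HOST).items():
        print(f"{component} {version} is below fixed version {FIXED_VERSIONS[component]}")
```

One caveat when using the "OS X" row: it only applies to Mavericks hosts. Lion v10.7.5 and Mountain Lion v10.8.5 receive Security Update 2014-004 without a version-number change, so on those systems the installed-update list (for example `softwareupdate --history` on the releases that support it) is the right thing to inspect, and only the component rows above are meaningful.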

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Date published: