About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003

This document describes the security content of OS X Mavericks v10.9.4 and Security Update 2014-003.

This update can be downloaded and installed using Software Update or from the Apple Support website.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5.

OS X Mavericks v10.9.4 and Security Update 2014-003

  • Certificate Trust Policy

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: Update to the certificate trust policy

    Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005.

  • copyfile

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution

    Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP

  • curl

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A remote attacker may be able to gain access to another user's session

    Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session.

    CVE-ID

    CVE-2014-0015

  • Dock

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A sandboxed application may be able to circumvent sandbox restrictions

    Description: An unvalidated array index issue existed in the Dock’s handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative

  • Graphics Driver

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization

    Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1372 : Ian Beer of Google Project Zero

  • iBooks Commerce

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: An attacker with access to a system may be able to recover Apple ID credentials

    Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials.

    CVE-ID

    CVE-2014-1317 : Steve Dunham

  • Intel Graphics Driver

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1373 : Ian Beer of Google Project Zero

  • Intel Graphics Driver

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization

    Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object.

    CVE-ID

    CVE-2014-1375

  • Intel Compute

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1376 : Ian Beer of Google Project Zero

  • IOAcceleratorFamily

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1377 : Ian Beer of Google Project Zero

  • IOGraphicsFamily

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization

    Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer.

    CVE-ID

    CVE-2014-1378

  • IOReporting

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A local user could cause an unexpected system restart

    Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.

    CVE-ID

    CVE-2014-1355 : cunzhang from Adlab of Venustech

  • launchd

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1359 : Ian Beer of Google Project Zero

  • launchd

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1356 : Ian Beer of Google Project Zero

  • launchd

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1357 : Ian Beer of Google Project Zero

  • launchd

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1358 : Ian Beer of Google Project Zero

  • Graphics Drivers

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges.

    CVE-ID

    CVE-2014-1379 : Ian Beer of Google Project Zero

  • Security - Keychain

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: An attacker may be able to type into windows under the screen lock

    Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management.

    CVE-ID

    CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC

  • Security - Secure Transport

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3

    Impact: Two bytes of memory could be disclosed to a remote attacker

    Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.

    CVE-ID

    CVE-2014-1361 : Thijs Alkemade of The Adium Project

  • Thunderbolt

    Available for: OS X Mavericks 10.9 to 10.9.3

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1381 : Sarah aka winocm

Entry updated February 3, 2020

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Datum zveřejnění: