About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004
This document describes the security content of OS X Mavericks v10.9.5 and Security Update 2014-004.
This update can be downloaded and installed using Software Update or from the Apple Support website.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see Apple Security Updates.
Note: OS X Mavericks v10.9.5 includes the security content of Safari 7.0.6.
OS X Mavericks v10.9.5 and Security Update 2014-004
apache_mod_php
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: Multiple vulnerabilities in PHP 5.4.24
Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30.
CVE-ID
CVE-2013-7345
CVE-2014-0185
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049
Bluetooth
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure
Description: An out-of-bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Foundation
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution
Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4393 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2014-4394 : Ian Beer of Google Project Zero
CVE-2014-4395 : Ian Beer of Google Project Zero
CVE-2014-4396 : Ian Beer of Google Project Zero
CVE-2014-4397 : Ian Beer of Google Project Zero
CVE-2014-4398 : Ian Beer of Google Project Zero
CVE-2014-4399 : Ian Beer of Google Project Zero
CVE-2014-4400 : Ian Beer of Google Project Zero
CVE-2014-4401 : Ian Beer of Google Project Zero
CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments.
CVE-ID
CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization
Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses.
CVE-ID
CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. These issues were addressed by updating OpenSSL to version 0.9.8za.
CVE-ID
CVE-2014-0076
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of 'mvhd' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
ruby
Available for: OS X Mavericks v10.9 to v10.9.4
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issue by updating LibYAML to version 0.1.6.
CVE-ID
CVE-2014-2525
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.