
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1617
            OS X Mavericks 10.9.5 and Security Update 2014-004
                             18 September 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          OS X Mavericks
Publisher:        Apple
Operating System: OS X
Impact/Access:    Root Compromise                 -- Remote with User Interaction
                  Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                  Access Privileged Data          -- Remote/Unauthenticated      
                  Denial of Service               -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Remote/Unauthenticated      
                  Access Confidential Data        -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2014-4979 CVE-2014-4416 CVE-2014-4403
                  CVE-2014-4402 CVE-2014-4401 CVE-2014-4400
                  CVE-2014-4399 CVE-2014-4398 CVE-2014-4397
                  CVE-2014-4396 CVE-2014-4395 CVE-2014-4394
                  CVE-2014-4393 CVE-2014-4390 CVE-2014-4389
                  CVE-2014-4388 CVE-2014-4381 CVE-2014-4379
                  CVE-2014-4378 CVE-2014-4377 CVE-2014-4376
                  CVE-2014-4374 CVE-2014-4350 CVE-2014-4049
                  CVE-2014-3981 CVE-2014-3515 CVE-2014-3487
                  CVE-2014-3480 CVE-2014-3479 CVE-2014-3478
                  CVE-2014-3470 CVE-2014-2525 CVE-2014-2270
                  CVE-2014-1943 CVE-2014-1391 CVE-2014-0238
                  CVE-2014-0237 CVE-2014-0224 CVE-2014-0221
                  CVE-2014-0207 CVE-2014-0195 CVE-2014-0185
                  CVE-2014-0076 CVE-2013-7345 

Reference:        ASB-2014.0077
                  ESB-2014.1615
                  ESB-2014.1226
                  ESB-2014.0991
                  ESB-2014.0887
                  ESB-2014.0199

--------------------------BEGIN INCLUDED TEXT--------------------


APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:

apache_mod_php
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  Multiple vulnerabilities in PHP 5.4.24
Description:  Multiple vulnerabilities existed in PHP 5.4.24, the
most serious of which may have led to arbitrary code execution. This
update addresses the issues by updating PHP to version 5.4.30.
CVE-ID
CVE-2013-7345
CVE-2014-0185
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049

Bluetooth
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of a
Bluetooth API call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4390 : Ian Beer of Google Project Zero

CoreGraphics
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description:  An out-of-bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program

CoreGraphics
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program

Foundation
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  An application using NSXMLParser may be misused to disclose
information
Description:  An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

Intel Graphics Driver
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  Compiling untrusted GLSL shaders may lead to an unexpected
application termination or arbitrary code execution
Description:  A user-space buffer overflow existed in the shader
compiler. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4393 : Apple

Intel Graphics Driver
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple validation issues existed in some integrated
graphics driver routines. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2014-4394 : Ian Beer of Google Project Zero
CVE-2014-4395 : Ian Beer of Google Project Zero
CVE-2014-4396 : Ian Beer of Google Project Zero
CVE-2014-4397 : Ian Beer of Google Project Zero
CVE-2014-4398 : Ian Beer of Google Project Zero
CVE-2014-4399 : Ian Beer of Google Project Zero
CVE-2014-4400 : Ian Beer of Google Project Zero
CVE-2014-4401 : Ian Beer of Google Project Zero
CVE-2014-4416 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through improved
validation of IOKit API arguments.
CVE-ID
CVE-2014-4376 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An out-of-bounds read issue existed in the handling of
an IOAcceleratorFamily function. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4402 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description:  An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero

IOKit
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam

IOKit
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero

Kernel
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A local user can infer kernel addresses and bypass kernel
address space layout randomization
Description:  In some cases, the CPU Global Descriptor Table was
allocated at a predictable address. This issue was addressed through
always allocating the Global Descriptor Table at random addresses.
CVE-ID
CVE-2014-4403 : Ian Beer of Google Project Zero

Libnotify
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with root privileges
Description:  An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero

OpenSSL
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Multiple vulnerabilities in OpenSSL 0.9.8y, including one
that may lead to arbitrary code execution
Description:  Multiple vulnerabilities existed in OpenSSL 0.9.8y.
These issues were addressed by updating OpenSSL to version 0.9.8za.
CVE-ID
CVE-2014-0076
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470

QT Media Foundation
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
RLE encoded movie files. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom
Gallagher & Paul Bates working with HP's Zero Day Initiative

QT Media Foundation
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Playing a maliciously crafted MIDI file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of MIDI
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative

QT Media Foundation
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
'mvhd' atoms. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative

ruby
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A remote attacker may be able to cause arbitrary code
execution
Description:  A heap buffer overflow existed in LibYAML's handling of
percent-encoded characters in a URI. This issue was addressed through
improved bounds checking; this update addresses it by updating LibYAML
to version 0.1.6.
CVE-ID
CVE-2014-2525


Note: OS X Mavericks 10.9.5 includes the security content of
Safari 7.0.6: http://support.apple.com/kb/HT6367

OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
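As an added example (not part of Apple's advisory or the AusCERT bulletin), a POSIX shell helper that maps an OS X productVersion string, as printed by `sw_vers -productVersion`, to the remedy this bulletin names for that release; the function names and output strings are my own, and the version ranges are taken from the "Available for" lines above.

```shell
#!/bin/sh
# Added example: classify an OS X productVersion against the ranges in
# this bulletin (Lion 10.7.5, Mountain Lion 10.8.5, Mavericks 10.9-10.9.4).
# On a Mac: remedy_for "$(sw_vers -productVersion)"

# version_le A B: returns 0 if dotted version A <= B, comparing each
# component numerically so that 10.9.10 sorts after 10.9.4.
version_le() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"          # leading component
        [ "$ai" = "$a" ] && a="" || a="${a#*.}"   # drop it from A
        [ "$bi" = "$b" ] && b="" || b="${b#*.}"   # drop it from B
        ai="${ai:-0}"; bi="${bi:-0}"          # missing component counts as 0
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 0
}

# remedy_for VERSION: print the update this bulletin prescribes.
remedy_for() {
    v="$1"
    case "$v" in
        10.7.5|10.8.5)
            echo "Security Update 2014-004" ;;
        10.9|10.9.*)
            if version_le "$v" 10.9.4; then
                echo "OS X Mavericks 10.9.5"
            else
                echo "not affected"     # 10.9.5 or later already carries the fixes
            fi ;;
        *)
            echo "not listed in this bulletin" ;;
    esac
}
```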

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================