Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2657 APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 22 October 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mac EFI Publisher: Apple Operating System: OS X Impact/Access: Execute Arbitrary Code/Commands -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2015-7035 Original Bulletin: https://support.apple.com/en-au/HT204934 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Mac EFI Security Update 2015-002 is now available and addresses the following: EFI Available for: OS X Mavericks v10.9.5 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT Installation note: Mac EFI Security Update 2015-002 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVihKrX6ZAP0PgtI9AQKCug/7BnB+sHsYnEqV8xtkmcOifZDAUkL2uNy6 97PKbQeWZv73W8KnNsUN/dlcO02tokGtTqrRhIMYERTMruFIuMJ6WM4N2D4ePR7o EDbISekZcSwKgyv9Uz7BrK2iIUD5dVPNGtnE+gaoi/IpZzTMlbWJXGye6cYy+f8e tQy1H/qT2kzMs+nrLXhwDJfp4qkg0/Y3ZWD6oJCwQwMdvvL3ouYYftlxKZwnFbGy w4GnLE0XuNg+/iw0J6vg4dvadkL9hFvecFgbBqitF7CnoIrWyaRnETvEi+TTnJje D541NYBD3HLJrXxPaTodPkfXPfcZ2teojcMNBwnaHmbFd2LjdeHAilrjIkU09cpX l3D9LfQJ93Hhn+XAsVyymgXGC1kq7J0RibksXggvyJ8B6ZfHBzjkAzYmaU2teDXs B570W/FVKt3YFVt4Jmf0EgtTDiLUKge8+aWbr0FhHdXIk4riOfggzyoDIkE3KEIe bjh6e+fUk/scBJSbWVJXsElF3u5H46LD7kaPvqEGdfcowhzC0w1+qoLOiSqi/jPd G2hnRKh2MBeuIHC2AlqyspIEnA3MW3LpzZhWPSVOtkXMMQyAgb7z/F0I4Ul/Ahoc pj2xXkPzcDNxgbP1wHf45iimcuWO/NUNmvMUASxAu7qtH5Joa6XmMmjeOIJwp5mx ifkDXWW5HlM= =WOwO -----END PGP SIGNATURE-----