Vulnerabilities > Apple > MAC OS X > 10.10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-11 | CVE-2015-1067 | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. | 4.3 |
| 2015-01-30 | CVE-2014-8839 | Information Exposure vulnerability in Apple mac OS X Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | 5.0 |
| 2015-01-30 | CVE-2014-8838 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. | 4.3 |
| 2015-01-30 | CVE-2014-8837 | Unspecified vulnerability in Apple mac OS X Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
| 2015-01-30 | CVE-2014-8836 | Improper Input Validation vulnerability in Apple mac OS X The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-8835 | Data Processing Errors vulnerability in Apple mac OS X 10.10.0/10.10.1 The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. | 9.3 |
| 2015-01-30 | CVE-2014-8834 | Information Exposure vulnerability in Apple mac OS X 10.10.0/10.10.1 UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | 2.1 |
| 2015-01-30 | CVE-2014-8833 | Improper Access Control vulnerability in Apple mac OS X SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. | 2.1 |
| 2015-01-30 | CVE-2014-8832 | Information Exposure vulnerability in Apple mac OS X The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | 4.9 |
| 2015-01-30 | CVE-2014-8831 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. | 5.0 |