Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-8816 Resource Management Errors vulnerability in Apple mac OS X
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.
network
apple CWE-399
6.8
2015-01-30 CVE-2014-4499 Information Exposure vulnerability in Apple mac OS X
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
local
low complexity
apple CWE-200
2.1
2015-01-30 CVE-2014-4498 Code vulnerability in Apple mac OS X
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
local
apple CWE-17
4.7
2015-01-30 CVE-2014-4497 Numeric Errors vulnerability in Apple mac OS X
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
network
low complexity
apple CWE-189
critical
10.0
2015-01-30 CVE-2014-4495 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
network
low complexity
apple CWE-264
critical
10.0
2015-01-30 CVE-2014-4492 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
network
low complexity
apple CWE-19
7.5
2015-01-30 CVE-2014-4491 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
network
low complexity
apple CWE-200
5.0
2015-01-30 CVE-2014-4489 Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
low complexity
apple
critical
10.0
2015-01-30 CVE-2014-4488 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-19
critical
10.0
2015-01-30 CVE-2014-4487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-119
critical
10.0