Vulnerabilities > Apple > MAC OS X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-30 | CVE-2014-8833 | Improper Access Control vulnerability in Apple mac OS X SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. | 2.1 |
| 2015-01-30 | CVE-2014-8832 | Information Exposure vulnerability in Apple mac OS X The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | 4.9 |
| 2015-01-30 | CVE-2014-8831 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. | 5.0 |
| 2015-01-30 | CVE-2014-8830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. | 6.8 |
| 2015-01-30 | CVE-2014-8829 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | 7.5 |
| 2015-01-30 | CVE-2014-8828 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | 7.5 |
| 2015-01-30 | CVE-2014-8827 | Improper Access Control vulnerability in Apple mac OS X LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. | 2.1 |
| 2015-01-30 | CVE-2014-8826 | Data Processing Errors vulnerability in Apple mac OS X LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | 5.0 |
| 2015-01-30 | CVE-2014-8825 | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. | 7.2 |
| 2015-01-30 | CVE-2014-8824 | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |