Vulnerabilities > Apple > MAC OS X > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-30 | CVE-2014-8836 | Improper Input Validation vulnerability in Apple mac OS X The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-8835 | Data Processing Errors vulnerability in Apple mac OS X 10.10.0/10.10.1 The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. | 9.3 |
| 2015-01-30 | CVE-2014-8824 | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-8822 | Data Processing Errors vulnerability in Apple mac OS X IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. | 10.0 |
| 2015-01-30 | CVE-2014-8817 | Data Processing Errors vulnerability in Apple mac OS X coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. | 10.0 |
| 2015-01-30 | CVE-2014-4497 | Numeric Errors vulnerability in Apple mac OS X Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4495 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4489 | Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4488 | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4487 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |