Vulnerabilities > Apple > MAC OS X > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-24 | CVE-2014-6271 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | 9.8 |
| 2014-09-19 | CVE-2014-4402 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |
| 2014-09-19 | CVE-2014-4393 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. | 10.0 |
| 2014-09-19 | CVE-2014-4390 | Improper Input Validation vulnerability in Apple mac OS X Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |
| 2014-09-19 | CVE-2014-4376 | IOAcceleratorFamily Arbitrary Code Execution vulnerability in Apple Mac OS X IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | 10.0 |
| 2014-09-18 | CVE-2014-4405 | NULL Pointer Dereference Remote Code Execution vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | 9.3 |
| 2014-09-18 | CVE-2014-4389 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | 9.3 |
| 2014-09-18 | CVE-2014-4388 | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | 9.3 |
| 2014-09-18 | CVE-2014-4381 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | 9.3 |
| 2014-09-18 | CVE-2014-4380 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. | 9.3 |