Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-30 | CVE-2014-8826 | Data Processing Errors vulnerability in Apple mac OS X LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | 5.0 |
2015-01-30 | CVE-2014-8823 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. | 4.7 |
2015-01-30 | CVE-2014-8816 | Resource Management Errors vulnerability in Apple mac OS X CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. | 6.8 |
2015-01-30 | CVE-2014-4498 | Code vulnerability in Apple mac OS X The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. | 4.7 |
2015-01-30 | CVE-2014-4496 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
2015-01-30 | CVE-2014-4494 | Improper Input Validation vulnerability in Apple Iphone OS Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. | 6.8 |
2015-01-30 | CVE-2014-4491 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
2015-01-30 | CVE-2014-4483 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. | 6.8 |
2015-01-30 | CVE-2014-4481 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2015-01-30 | CVE-2014-4479 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. | 6.8 |