
Mac OS X < 10.10.3 Multiple Vulnerabilities

Critical

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X 10.10.x prior to 10.10.3 and is affected by the following vulnerabilities:

- There is an off-by-one error in the IOAcceleratorFamily component which would allow an attacker to execute arbitrary code. (CVE-2015-1066)
- There is a flaw in the way that the IOSurface component handles "type confusion" which would allow a remote attacker to execute arbitrary code as a privileged user. (CVE-2015-1061)
- There is a flaw in iCloud Keychain which would allow a man-in-the-middle attacker to execute arbitrary code. (CVE-2015-1065)
- The Secure Transport component allows remote attackers to downgrade the encryption cipher. (CVE-2015-1067)
- The IOHIDFamily allows attackers within physical proximity to execute a Denial of Service attack within a kernel context. (CVE-2015-1095)
- The CFNetwork component does not properly handle cookies which may allow an attacker to bypass Same Origin Policy. (CVE-2015-1089)
- The 'fontd' daemon may allow remote code execution. (CVE-2015-1135)
- A NULL pointer dereference flaw in 'Secure Transport' is triggered during the handling of a maliciously crafted X.509 certificate. This may allow a remote attacker to terminate arbitrary applications. (CVE-2015-1160)

Solution

Upgrade to Mac OS X 10.10.3 or later.