Apple

macOS X

3207 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2014-8836

Exploit
  • EPSS 1.2%
  • Veröffentlicht 30.01.2015 11:59:45
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

9.3

CVE-2014-8835

Exploit
  • EPSS 35.42%
  • Veröffentlicht 30.01.2015 11:59:44
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, relat...

2.1

CVE-2014-8833

  • EPSS 0.05%
  • Veröffentlicht 30.01.2015 11:59:43
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

2.1

CVE-2014-8834

  • EPSS 0.06%
  • Veröffentlicht 30.01.2015 11:59:43
  • Zuletzt bearbeitet 12.04.2025 10:46:40

UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

4.9

CVE-2014-8832

  • EPSS 0.06%
  • Veröffentlicht 30.01.2015 11:59:42
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.

5

CVE-2014-8831

  • EPSS 0.16%
  • Veröffentlicht 30.01.2015 11:59:41
  • Zuletzt bearbeitet 12.04.2025 10:46:40

security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.

6.8

CVE-2014-8830

  • EPSS 3.59%
  • Veröffentlicht 30.01.2015 11:59:40
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

7.5

CVE-2014-8829

  • EPSS 0.71%
  • Veröffentlicht 30.01.2015 11:59:39
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

7.5

CVE-2014-8828

  • EPSS 0.36%
  • Veröffentlicht 30.01.2015 11:59:38
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

2.1

CVE-2014-8827

  • EPSS 0.06%
  • Veröffentlicht 30.01.2015 11:59:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.