You are here
Home > Preporuke > Nadogradnja za OS X

Nadogradnja za OS X

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: M
  • Kategorije: APL

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2015-03-09-3 Security Update 2015-002

Security Update 2015-002 is now available and addresses the
following:

iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure

IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An off by one issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1066 : Ian Beer of Google Project Zero

IOSurface
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface’s handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be ableiz
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team

Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris

Security Update 2015-002 may be obtained from the Mac App Store
or Apple’s Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx
QJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo
R73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK
F9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp
VHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe
7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i
but+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR
TxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N
kYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b
I3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u
i6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu
TJDXCjMND7F2ZJFRim/F
=7PU8
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

AutorMarko Stanec
Cert idNCERT-REF-2015-03-0002-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Izdana nova inačica programskog paketa Xcode

Izdana je nova inačica programskog paketa Xcode - 6.2, za operacijski sustav OS X Mavericks i novije. U novoj inačici...

Close