tagline: Confidence in the Connected World
CIS Logo
HomeResourcesAdvisoriesMultiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2015-021

DATE(S) ISSUED:

03/09/2015

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple MAC OS X. Mac OS X is an operating system for Apple computers. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage, or opens a specially crafted file, including an email attachment, using a vulnerable version of OS X.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There is no known proof-of-concept code available at this time. Updates are available.

SYSTEMS AFFECTED:

  • Apple Mac OS X Yosemite v10.10.2
  • Apple Mac OS X Mavericks v10.9.5
  • Apple Mac OS X Mountain Lion v10.8.5

RISK:

Goverment:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
HIGH

TECHNICAL SUMMARY:

Multiple remote code execution vulnerabilities have been discovered in Mac OS X that could allow remote code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. Details of these vulnerabilities are as follows:

Apple Mac OS X Yosemite v10.10.2 is prone to multiple buffer overflows resulting from the handling of data during iCloud Keychain recovery (CVE-2015-1065).
Apple Mac OS X Yosemite v10.10.2 is prone leaked kernel addresses and heap permutation values resulting from the match_port_kobject kernel interface (CVE-2015-1066).
Apple OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 are prone to an off by one issue in the IOAcceleratorFamily (CVE-2015-1061).
Apple OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 are prone to a type confusion issue with IOSurface's handling of serialized objects(CVE-2014-4496).
Apple OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 are prone accepting short ephemeral RSA keys, also known as FREAK attack (CVE-2015-1067).

RECOMENDATIONS:

We recommend the following actions be taken:

Apply appropriate updates provided by Apple to vulnerable systems immediately after appropriate testing.
Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Remind users not to download, accept, or execute files from un-trusted or unknown sources.
Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

REFERENCES:

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Information Hub: Advisories