Apple: >> Mac Os X >> 10.6.7 Security Vulnerabilities
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
CVSS Score
10.0
EPSS Score
0.012
Published
2015-01-30
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-01-30
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
CVSS Score
4.9
EPSS Score
0.001
Published
2015-01-30
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.
CVSS Score
5.0
EPSS Score
0.002
Published
2015-01-30
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
CVSS Score
6.8
EPSS Score
0.036
Published
2015-01-30
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-01-30
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
CVSS Score
7.5
EPSS Score
0.004
Published
2015-01-30
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-01-30
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
CVSS Score
5.0
EPSS Score
0.14
Published
2015-01-30
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.0
Published
2015-01-30