Apple Mac OS X 10.5.7 Security Vulnerabilities
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
CVSS Score: 5.4; EPSS Score: 0.009; Published: 2014-10-18
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.
CVSS Score: 4.7; EPSS Score: 0.0; Published: 2014-10-18
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
CVSS Score: 2.1; EPSS Score: 0.001; Published: 2014-10-18
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
CVSS Score: 4.7; EPSS Score: 0.0; Published: 2014-10-18
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2014-10-18
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
CVSS Score: 4.9; EPSS Score: 0.001; Published: 2014-10-18
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.
CVSS Score: 4.4; EPSS Score: 0.001; Published: 2014-10-18
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause a denial of service (out-of-bounds read operation) via a crafted application.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2014-10-18
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
CVSS Score: 6.8; EPSS Score: 0.005; Published: 2014-10-18
Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
CVSS Score: 6.9; EPSS Score: 0.0; Published: 2014-10-18

