lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <194FCFB7-5D97-43CA-AD86-7EC41B0A45FE@lists.apple.com>
Date: Mon, 17 Nov 2014 11:22:39 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1

OS X 10.10.1 is now available and addresses the following:

CFNetwork
Available for:  OS X Yosemite v10.10
Impact:  Website cache may not be fully cleared after leaving private
browsing
Description:  A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460

Spotlight
Available for:  OS X Yosemite v10.10
Impact:  Unnecessary information is included as part of the initial
connection between Spotlight or Safari and the Spotlight Suggestions
servers
Description:  The initial connection made by Spotlight or Safari to
the Spotlight Suggestions servers included a user's approximate
location before a user entered a query. This issue was addressed by
removing this information from the initial connection and only
sending the user's approximate location as part of queries.
CVE-ID
CVE-2014-4453 : Ashkan Soltani

System Profiler About This Mac
Available for:  OS X Yosemite v10.10
Impact:  Unnecessary information is included as part of a connection
to Apple to determine the system model
Description:  The request made by About This Mac to determine the
model of the system and direct users to the correct help resources
included unnecessary cookies. This issue was addressed by removing
cookies from the connection.
CVE-ID
CVE-2014-4458 : Landon Fuller of Plausible Labs

WebKit
Available for:  OS X Yosemite v10.10
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue existed in the handling of page
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2014-4459


OS X Yosemite 10.10.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUadzaAAoJEBcWfLTuOo7t+NEQAJ9Ol8jEbJjK9gX2vepXSgB/
l4xfQIoD0dC5vGKquE+HJS0zH7sdmd9mK+Th439fy4z2PtjulQIKXDdP60CFsZcQ
oj7XU1TmWvZjCqWsr90fA61mIWsX9WjfbwKaN55ioLF2NOXBA1+AevqsosN/kj9m
OcfGnIhaAOmFtlveKywSwwep0TGMXMHmi7NjScdlJRdu1GQAlpkq0iqkMjzueoPI
zgZuC3xopuqMtaf686cAcgVo0FM8gX3Gj55MhDDy2bkl4/dj1+N5KBnaZGGQEaww
9FNtK0OUBzG9qpBRDMbuAihGn4FzhZa3/DIAjfr6t2h1xV5SSjH93wGbCl7Yp8jE
+Gi82WRf3DJ60ztGRvQZkiBpkC0pMretdBHXRAiSTWwiRuRYghENmY9vDWHthj3z
8HZWHxbcGLsDQQKUFzO4+v60LKs/LQ92nTNhuQyMeh4Jse3Qg8lUknthSEsw1UXd
GqOKlvKOEQP5JXir6VzjgppYThBAVKnCbzVXcxLUGgVxmk9L/HDhbnxS3rd2U4M0
vAxgBt8/8sjDEdO7IM6AtmBlSGQrxQ4trkG3vmw75RVgwWvFQ1J7b588qtFiVu/N
KRTp3qMKRkZiakkinyZEv6zj6AKKa1CohlorI7tiD0rlOYbw1+n2gHi+1ahreO6f
VT75kTNto2qPitQC9I+6
=9Emx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ