lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <9B67B404-B9F3-4504-B558-92ACD55A8DF8@lists.apple.com>
Date: Tue, 30 Jun 2015 09:21:13 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A malicious application with root privileges may be able to
modify EFI flash memory
Description:  An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking.
CVE-ID
CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah
and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A malicious application may induce memory corruption to
escalate privileges
Description:  A disturbance error, also known as Rowhammer, exists
with some DDR3 RAM that could have led to memory corruption. This
issue was mitigated by increasing memory refresh rates.
CVE-ID
CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working
from original research by Yoongu Kim et al (2014)


Mac EFI Security Update 2015-001 may be obtained from
the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVkfe2AAoJEBcWfLTuOo7tov8P/13ou+R6Z9qOXiKLcdGKaf+l
jr6o3SnIzbRM1D53d52e0xAPGuWbyUGkzoZBzBDQBt+dGj0n98NNJKsX/Stm/4mB
onEh21h1AflSWucTzHcJ4+PdwtvWofeFJ3bND8CZ6M8keHPBfwjY+yY3C5LNFv2w
rcQzKfufHPtdfKMp5xd7v26PUQvTKJP2F72xxZWgLnhu+MCGA4hjpU4oNWzbd79T
oUgHUrRUmgnjKdSdHo3wyNycLVkCMdwupF2C+v8cIg8X4veLtpj2XitsJrnj09kh
87ahgsvvFZo7yZLBDgoKx8/LU3p2NkozxhvizW3/HNnsF7bYgDTPF4afn4WGuGwM
7SXuoBxnwlv0cd3+l5EeWVzqnl0owEzhY8n+wr/nWP/6sMl9+AMl6b1HmgCf0PIw
duC2F5PlCPbyq9F0YksEvMxJ4c2F9MADiqAPEa8Y5Nt2cUj+6KpGD8t47TlhRCWu
obI1en03HBKA0+5Eh42A4IVHMJKBU8fpajWD4twjXaIKwaHgMjd64v9JqS6JAAR2
3QiMGhPp0FomBAiYX299jCkMnOeyeM1Avzv9al9TgUhoTrDDlMhI7wM8bibcGF3j
qG/M/C8bVDeEJmYaSXJADevY9lq5Vp5SHL0d4nf6sZ4XCF+IP/GZekj/+bDXN2KQ
nW0qODyqKboBMikYspwF
=nAip
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ