:: Deepquest ::

OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.

OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.

OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.

Apple Security Advisory 2014-12-22-1 – A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

Apple Security Advisory 2014-12-18-1 – Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.

Apple Security Advisory 2014-12-11-1 – Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.

Apple Security Advisory 2014-12-3-1 – Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 are now available and address cross-origin CSS loading and multiple memory handling vulnerabilities.

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.

Safari version 8.0 on OS X 10.10 crash proof of concept exploit.

Apple Security Advisory 2014-11-17-1 – iOS 8.1.1 is now available and addresses code execution and various other security flaws.