BV 20.2 (update) for Mac OS X posted by Rainer Goebel on Jun 6, 2016 bvqx: BrainVoyager 20.2 release BV 20.2 (update) for Windows 64 with Python posted by Rainer Goebel on Jun 6, 2016. IHAC a customer who a mix of Windows and Mac OS 10.5 and 10.6 clients. All machines are members of AD, and all user names are AD. They wish to create a single file share on a VNX 5300 and share it out via CIFS to the Windows clients, and NFS to the Mac clients. My customer has set it up and they. BrainVoyager Brain Tutor 2.5 for Mac OS X posted by Rainer Goebel on Nov 10, 2010. Bvbraintutor: BrainVoyager Brain Tutor 2.5 release.
September 30th, 2018
All remaining products have been retired and withdrawn from the Mac App Store.
March 15th, 2016
RB App Checker Lite 1.1.6 (389) is now available for direct download.
December 13th, 2015
RB App Checker Lite 1.1.5 (358) is now available on the Mac App Store and 1.1.5 (359) is now available for direct download.
November 14th, 2015
RB App Checker Lite 1.1.4 (351) is now available for direct download.
September 23th, 2015
RB App Checker Lite 1.1.3 (320) is now available on the Mac App Store and 1.1.3 (321) is now available for direct download.
November 25th, 2014
RB App Checker Lite 1.1.2 (310) is now available on the Mac App Store and 1.1.2 (311) is now available for direct download.
September 15th, 2014
RB App Checker Lite 1.1.1 (288) is now available on the Mac App Store and 1.1.1 (289) for direct download.
September 2nd, 2014
RB App Checker Lite 1.1 (280) is now also available on the Mac App Store.
August 30th, 2014
RB App Checker Lite and RB App Quarantine 1.1 (281) are available for direct download.
August 23rd, 2014
RB App Quarantine 1.1 (273) is available for direct download.
October 6th, 2013
Quay 1.1.5 released, now compatible with Mavericks.
August 31st, 2013
RB App Checker Lite 1.0.3 (238) available on the Mac App Store; version 1.0.3 (239) is available for direct download.
August 29th, 2012
RB App Checker Lite 1.0.2 (206) available on the Mac App Store; version 1.0.2 (207) is available for direct download.
June 23rd, 2012
Quay 1.1.4 released, now compatible with Mountain Lion.
May 26th, 2012
RB App Checker Lite 1.0.1 (186) available on the Mac App Store; version 1.0.1 (187) is available for direct download.
April 26th, 2012
RB App Checker Lite 1.0 (182) available on the Mac App Store! Version 1.0 (183) is available for direct download.
April 25th, 2012
RB App Checker Lite 1.0 (181) released.
April 15th, 2012
RB App Checker Lite 1.0 (171) released.
April 14th, 2012
RB App Checker Lite 1.0rc1 released as a public release candidate.
March 22nd, 2012
RB App Checker Lite 0.9b2 released as a public beta.
March 8th, 2012
RB App Checker Lite 0.9b1 released as a public beta.
June 19th, 2011
Quay 1.1.3 released, now compatible with Lion.
May 17th, 2010
The entire site has been re-designed, using shiny new software.
February 25th, 2010
RBSplitViewFixer droplet application fixes nib files generated with the beta version of the RBSplitView plug-in.
February 10th, 2010
AddLicense command-line tool sources released; this tool adds license resources to disk images.
October 24th, 2009
RBSplitView 1.2 released, now compatible with Snow Leopard and Interface Builder 3.0.
August 31st, 2009
Quay 1.1.2 released, now compatible with Snow Leopard.
May 8th, 2009
Klicko 1.1.1 released: now suggests applications known to be incompatible, several bug fixes.
February 17th, 2009
Klicko 1.1 released: it's now a System Preferences panel, and does window maximizing too.
December 7th, 2008
Klicko 1.0.1 out, with some refinements.
November 30th, 2008
Klicko 1.0 released. It suppresses click-through in other application's windows.
October 15th, 2008
USInternational 1.2 released; works much better with Mac OS X 10.5 (Leopard).
May 8th, 2008
Quay 1.1 final released.
April 10th, 2008
FolderSweep is source code to sweep over a given folder and (as required) subfolders and files, looking at attributes and even file contents where necessary.
March 3rd, 2008
Quay 1.1b3 released; new features, bug fixes.
February 12th, 2008
Quay 1.1b2 released; supports Mac OS X 10.5.2.
February 6th, 2008
Quay 1.1b1 released; a complete rewrite, lots of new stuff!
November 30th, 2007
Quay 1.0.1 released. Bug fixes, some new functionality.
November 27th, 2007
Quay 1.0 released!
November 23th, 2007
Quay updated to version 10.b6 (public beta).
November 18th, 2007
Quay updated to version 10.b5 (public beta).
November 16th, 2007
Quay, version 10.b4 (public beta) published.
September 13th, 2007
Flipr (source code to flip windows using CoreImage) has been updated.
August 19th, 2007
Nudge Contextual Menu 1.2 now has separate 'Nudge' and 'Touch' menu items.
April 12th, 2007
PathProps is source code to get volume/device properties for a file path.
December 24th, 2006
Flipr is source code to flip windows using CoreImage.
September 1st, 2006
RBSplitView 1.1.4 has finally arrived, check it out.
August 24, 2006
Nudge Contextual Menu 1.1 now runs on PowerPC and Intel Macs, and does more.
May 30, 2005
RBSplitView 1.1.3 is out, and all that sort of thing.
May 12, 2005
RBSplitView 1.1.2 yadda, yadda.
May 7, 2005
RBSplitView 1.1.1 is out..
Apr. 24, 2005
RBSplitView 1.1 is out. Time to do something else, hehe.
Mar. 14, 2005
RBSplitView 1.0.4 is out.
Rainer Mac Os 11
Mar. 4, 2005
RBSplitView 1.0.3 is out.
Feb. 28, 2005
RBSplitView 1.0.2 is out.
Feb. 14, 2005
Moved the source code page to a more convenient location; sorry for the mix-up.
Jan. 27, 2005
RBSplitView 1.0.1 is out.
Jan. 1st, 2005
The source code page is up, with version 1.0 of RBSplitView as the first item.
Dec. 31, 2004
I'm up and running on the new hosting provider: DreamHost. Everything appears to be working fine.. Happy New Year for everybody!
Aug. 5, 2004
XRay 1.1 for Mac OS X is out! Check out the release notes. This is a bug-fix release. All users should upgrade.
Feb. 3, 2004
The Nudge Contextual Menu 1.01 for Mac OS X is out! This version has a much better installer and some tweaks. Details here.
Jan. 29, 2004
The Nudge Contextual Menu 1.0 for Mac OS X is out! (This has been superseded by 1.01, see above.)
Jan. 23, 2004
Some revisions to the The World's Most Powerful Meta-Disclaimer.
Jan. 20, 2004
Zingg! 1.4.1 is out! This is a bugfix release. Version 1.4 shows application icons, fixes a few bugs, and has some user interface refinements. See the release notes for details. This update is for 10.2 (Jaguar) and later versions of Mac OS X.
Dec. 30, 2003
Zingg! 1.3 is out! (This has been superseded by 1.4, see above.) This version has more options to set up the application list for greatly increased speed, and some user interface refinements. See the release notes for details. This update is for 10.2 (Jaguar) and later versions of Mac OS X.
Dec. 4, 2003
Saiu o AEXXI Updater 1.05 que permite rodar o 'Aurélio Século XXI' no ambiente Classic! Detalhes aqui.
Nov. 29, 2003
Fax Alert Installer 1.0 for Panther is out! Details here.
Grey smilies by Darren Burnhill's Forum Smileys
WordPress by the WordPress community
Metal 'RB' icon by Mario AV
Made on a Mac
.
The World's Most Powerful Meta-Disclaimer now has its own page!For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
OS X El Capitan v10.11
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain items
Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple Events to a local user's session
Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected application termination
Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a user's activity
Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able to intercept network traffic
Description: An issue existed in the handling of HSTS preload list entries in Safari private browsing mode. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-5859 : Rosario Giustolisi of University of Luxembourg
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious cookies for a website
Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from booting
Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The 'Secure Empty Trash' feature may not securely delete files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the 'Secure Empty Trash' option.
CVE-ID
CVE-2015-5901 : Apple
Rainer Mac Os Catalina
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a player's email address
Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to the SMB server
Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1.
CVE-ID
CVE-2014-8146 : Marc Deslauriers
CVE-2014-8147 : Marc Deslauriers
CVE-2015-5922 : Mark Brand of Google Project Zero
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
Rainer Mac Os Download
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Angelshooter mac os. Impact: A local process can modify other processes without entitlement checks
Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaça, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number
Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue existed in the fflush function. This issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple 5hoursleft mac os.
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time period
Description: An issue existed with captured display locking. The issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and Jon Hall of Asynchrony
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP server
Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected multipeer data
Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root privileges
Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application termination
Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed to the user
Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before identifying itself
Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
Rainer Mac Os X
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's knowledge when using Continuity
Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks.
Turret jumper (prototype) mac os. CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal.
CVE-ID
CVE-2015-5883 : Lukas Schauer (@lukas2511)
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Muñoz of NULLGroup.com
CVE-2015-5523 : Fernando Muñoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan v10.11 includes the security content of Safari 9.
