BugTraq
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Jun 30 2015 04:21PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking.
CVE-ID
CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah
and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may induce memory corruption to
escalate privileges
Description: A disturbance error, also known as Rowhammer, exists
with some DDR3 RAM that could have led to memory corruption. This
issue was mitigated by increasing memory refresh rates.
CVE-ID
CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working
from original research by Yoongu Kim et al (2014)

Mac EFI Security Update 2015-001 may be obtained from
the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVkfe2AAoJEBcWfLTuOo7tov8P/13ou+R6Z9qOXiKLcdGKaf+l
jr6o3SnIzbRM1D53d52e0xAPGuWbyUGkzoZBzBDQBt+dGj0n98NNJKsX/Stm/4mB
onEh21h1AflSWucTzHcJ4+PdwtvWofeFJ3bND8CZ6M8keHPBfwjY+yY3C5LNFv2w
rcQzKfufHPtdfKMp5xd7v26PUQvTKJP2F72xxZWgLnhu+MCGA4hjpU4oNWzbd79T
oUgHUrRUmgnjKdSdHo3wyNycLVkCMdwupF2C+v8cIg8X4veLtpj2XitsJrnj09kh
87ahgsvvFZo7yZLBDgoKx8/LU3p2NkozxhvizW3/HNnsF7bYgDTPF4afn4WGuGwM
7SXuoBxnwlv0cd3+l5EeWVzqnl0owEzhY8n+wr/nWP/6sMl9+AMl6b1HmgCf0PIw
duC2F5PlCPbyq9F0YksEvMxJ4c2F9MADiqAPEa8Y5Nt2cUj+6KpGD8t47TlhRCWu
obI1en03HBKA0+5Eh42A4IVHMJKBU8fpajWD4twjXaIKwaHgMjd64v9JqS6JAAR2
3QiMGhPp0FomBAiYX299jCkMnOeyeM1Avzv9al9TgUhoTrDDlMhI7wM8bibcGF3j
qG/M/C8bVDeEJmYaSXJADevY9lq5Vp5SHL0d4nf6sZ4XCF+IP/GZekj/+bDXN2KQ
nW0qODyqKboBMikYspwF
=nAip
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus