=====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN269
_____________________________________________________________________

DATE                 : 19/11/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Mac OS X versions prior to 10.10.1.

======================================================================
https://support.apple.com/en-us/HT6591
______________________________________________________________________

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1

OS X 10.10.1 is now available and addresses the following:

CFNetwork
Available for: OS X Yosemite v10.10
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could remain
in the cache after leaving private browsing. This issue was addressed
through a change in caching behavior.
CVE-ID
CVE-2014-4460

Spotlight
Available for: OS X Yosemite v10.10
Impact: Unnecessary information is included as part of the initial
connection between Spotlight or Safari and the Spotlight Suggestions
servers
Description: The initial connection made by Spotlight or Safari to
the Spotlight Suggestions servers included a user's approximate
location before a user entered a query. This issue was addressed by
removing this information from the initial connection and only
sending the user's approximate location as part of queries.
CVE-ID
CVE-2014-4453 : Ashkan Soltani

System Profiler About This Mac
Available for: OS X Yosemite v10.10
Impact: Unnecessary information is included as part of a connection
to Apple to determine the system model
Description: The request made by About This Mac to determine the
model of the system and direct users to the correct help resources
included unnecessary cookies. This issue was addressed by removing
cookies from the connection.
CVE-ID
CVE-2014-4458 : Landon Fuller of Plausible Labs

WebKit
Available for: OS X Yosemite v10.10
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of page
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2014-4459

OS X Yosemite 10.10.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr  +
==========================================================