Q: Does this security iWork vulnerability threaten pre Yosemite?
If it does, what fix is available to Mavericks users?
from: NCCIVC & US-CERT
FROM APPLE:
About the security content of Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
This document describes the security content of Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
- Keynote, Pages, and NumbersAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or laterImpact: Opening a maliciously crafted document may lead to compromise of user informationDescription: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation.CVE-IDCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
- Keynote, Pages, and NumbersAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or laterImpact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling.CVE-IDCVE-2015-7033 : Felix Groebert of the Google Security Team
- Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling.
OS X Mavericks (10.9.5)
Posted on Oct 16, 2015 11:16 AM
