2014.json

[
    {
        "impact": "Synching with a malicious git repository may allow unexpected files to be added to the .git folder", 
        "available": "OS X Mavericks v10.9.4 or later", 
        "description": "The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks.", 
        "update": "", 
        "module": "Git", 
        "id": "CVE-2014-9390 ", 
        "credit": "Matt Mackall of Mercurial and Augie Fackler of Mercurial", 
        "page": "http://support.apple.com/en-us/HT204147"
    }, 
    {
        "impact": "Visiting a website that frames malicious content may lead to UI spoofing", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-1748 ", 
        "credit": "Jordan Milne", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4452", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4459", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Style sheets are loaded cross-origin which may allow for data exfiltration", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4465 ", 
        "credit": "Rennie deGraaf of iSEC Partners", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4466 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4468 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4469 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4470 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4471 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4472 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4473 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4474 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4475 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT204421"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.", 
        "update": "", 
        "module": "libxml", 
        "id": "CVE-2011-3102 ", 
        "credit": "J\u00fcri Aedla", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.", 
        "update": "", 
        "module": "libxml", 
        "id": "CVE-2012-0841", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.", 
        "update": "", 
        "module": "libxml", 
        "id": "CVE-2012-2807 ", 
        "credit": "J\u00fcri Aedla", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.", 
        "update": "", 
        "module": "libxslt", 
        "id": "CVE-2012-2825 ", 
        "credit": "Nicolas Gregoire", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.", 
        "update": "", 
        "module": "libxslt", 
        "id": "CVE-2012-2870 ", 
        "credit": "Nicolas Gregoire", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.", 
        "update": "", 
        "module": "libxslt", 
        "id": "CVE-2012-2871 ", 
        "credit": "Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.", 
        "update": "", 
        "module": "libxml", 
        "id": "CVE-2012-5134 ", 
        "credit": "Google Chrome Security Team (J\u00fcri Aedla)", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1024 ", 
        "credit": "Richard Kuo and Billy Suguitan of Triemt Corporation", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1037 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1038 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1039 ", 
        "credit": "own-hero Research working with iDefense VCP", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1040 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1041 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1042 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1043 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1044 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1045 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1046 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-1047 ", 
        "credit": "miaubiz", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2842 ", 
        "credit": "Cyril Cattiaux", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5125 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5126 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5127 ", 
        "credit": "Google Chrome Security Team", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5128 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "An attacker with a privileged network position may control the contents of the iTunes Tutorials window", 
        "available": "Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, and XP SP2 or later", 
        "description": "The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1242 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT6001"
    }, 
    {
        "impact": "Loading a malformed executable file may cause memory corruption in the kernel", 
        "available": "Macs running Boot Camp 5", 
        "description": "A bounds checking issue existed in the AppleMNT.sys driver's parsing of Portable Executable files. If a Portable Executable file with a malformed header is loaded, this could cause a Boot Camp driver to corrupt kernel memory. The issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Boot Camp", 
        "id": "CVE-2014-1253 ", 
        "credit": "MJ0011 of 360 Security Center", 
        "page": "http://support.apple.com/en-us/HT6126"
    }, 
    {
        "impact": "An attacker may be able to decrypt data protected by SSL", 
        "available": "OS X Mountain Lion v10.8.5", 
        "description": "There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration.", 
        "update": "", 
        "module": "Secure Transport", 
        "id": "CVE-2011-3389 ", 
        "credit": "Juliano Rizzo and Thai Duong", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in Apache", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26.", 
        "update": "", 
        "module": "Apache", 
        "id": "CVE-2013-1862", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in Apache", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26.", 
        "update": "", 
        "module": "Apache", 
        "id": "CVE-2013-1896", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.24 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.", 
        "update": "", 
        "module": "PHP", 
        "id": "CVE-2013-4073", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.24 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.", 
        "update": "", 
        "module": "PHP", 
        "id": "CVE-2013-4113", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.24 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.", 
        "update": "", 
        "module": "PHP", 
        "id": "CVE-2013-4248", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Executing a malicious application may result in arbitrary code execution within the kernel", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5", 
        "description": "An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. This issue does not affect systems running OS X Mavericks v10.9 or later.", 
        "update": "", 
        "module": "IOSerialFamily", 
        "id": "CVE-2013-5139 ", 
        "credit": "@dent1zt", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "A file could show the wrong extension", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5", 
        "description": "An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. This issue does not affect systems running OS X Mavericks v10.9 or later.", 
        "update": "", 
        "module": "LaunchServices", 
        "id": "CVE-2013-5178 ", 
        "credit": "Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "The App Sandbox may be bypassed", 
        "available": "OS X Mountain Lion v10.8.5", 
        "description": "The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later.", 
        "update": "", 
        "module": "App Sandbox", 
        "id": "CVE-2013-5179 ", 
        "credit": "Friedrich Graeter of The Soulmen GbR", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Executing a malicious application could result in arbitrary code execution within the graphics card", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory.", 
        "update": "", 
        "module": "NVIDIA Drivers", 
        "id": "CVE-2013-5986 ", 
        "credit": "Marcin Kościelnicki from the X.Org Foundation Nouveau project", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Executing a malicious application could result in arbitrary code execution within the graphics card", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory.", 
        "update": "", 
        "module": "NVIDIA Drivers", 
        "id": "CVE-2013-5987 ", 
        "credit": "Marcin Kościelnicki from the X.Org Foundation Nouveau project", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.24 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.", 
        "update": "", 
        "module": "PHP", 
        "id": "CVE-2013-6420", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1247 ", 
        "credit": "Tom Gallagher & Paul Bates working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1248 ", 
        "credit": "Jason Kratzer working with iDefense VCP", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A memory corruption issue existed in the handling of handling of Type 1 fonts. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2014-1254 ", 
        "credit": "Felix Groebert of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "The App Sandbox may be bypassed", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2014-1255 ", 
        "credit": "Meder Kydyraliev of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "The App Sandbox may be bypassed", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2014-1256 ", 
        "credit": "Meder Kydyraliev of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Session cookies may persist even after resetting Safari", 
        "available": "OS X Mountain Lion v10.8.5", 
        "description": "Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later.", 
        "update": "", 
        "module": "CFNetwork Cookies", 
        "id": "CVE-2014-1257 ", 
        "credit": "Rob Ansaldo of Amherst College, Graham Bennett", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "CoreAnimation", 
        "id": "CVE-2014-1258 ", 
        "credit": "Karl Smith of NCC Group", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "File Bookmark", 
        "id": "CVE-2014-1259", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5", 
        "description": "A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. This issue does not affect systems running OS X Mavericks 10.9 or later.", 
        "update": "", 
        "module": "QuickLook", 
        "id": "CVE-2014-1260 ", 
        "credit": "Felix Groebert of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking.", 
        "update": "", 
        "module": "CoreText", 
        "id": "CVE-2014-1261 ", 
        "credit": "Lucas Apa and Carlos Mario Penagos of IOActive Labs", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "The App Sandbox may be bypassed", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2014-1262 ", 
        "credit": "Meder Kydyraliev of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "An attacker with a privileged network position may intercept user credentials or other sensitive information", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9.", 
        "update": "", 
        "module": "curl", 
        "id": "CVE-2014-1263 ", 
        "credit": "Roland Moriz of Moriz GmbH", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs.", 
        "update": "", 
        "module": "Finder", 
        "id": "CVE-2014-1264", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "An unprivileged user may change the system clock", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1", 
        "description": "This update changes the behavior of the", 
        "update": "", 
        "module": "Date and Time", 
        "id": "CVE-2014-1265", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS", 
        "available": "OS X Mavericks 10.9 and 10.9.1", 
        "description": "Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.", 
        "update": "", 
        "module": "Data Security", 
        "id": "CVE-2014-1266", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6150"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "An out of bounds byte swapping issue existed in the handling of QuickTime image descriptions. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2013-1032 ", 
        "credit": "Jason Kratzer working with iDefense VCP", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "An uninitialized pointer issue existed in the handling of track lists. This issue was addressed through improved error checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1243 ", 
        "credit": "Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1244 ", 
        "credit": "Tom Gallagher & Paul Bates working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1245 ", 
        "credit": "Tom Gallagher & Paul Bates working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1246 ", 
        "credit": "An anonymous researcher working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1249 ", 
        "credit": "dragonltx of Tencent Security Team", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1250 ", 
        "credit": "Jason Kratzer working with iDefense VCP", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of 'clef' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1251 ", 
        "credit": "Aliz Hammond working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6151"
    }, 
    {
        "impact": "A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects.", 
        "update": "", 
        "module": "iTunes Store", 
        "id": "CVE-2013-3948 ", 
        "credit": "Stefan Esser", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A maliciously crafted backup can alter the filesystem", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process.", 
        "update": "", 
        "module": "Backup", 
        "id": "CVE-2013-5133 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "Opening a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A double free issue existed in the handling of Microsoft Word documents. This issue was addressed through improved memory management.", 
        "update": "", 
        "module": "Office Viewer", 
        "id": "CVE-2014-1252 ", 
        "credit": "Felix Groebert of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A person with physical access to the device may be able to access FaceTime contacts from the lock screen", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "FaceTime contacts on a locked device could be exposed by making a failed FaceTime call from the lock screen. This issue was addressed through improved handling of FaceTime calls.", 
        "update": "", 
        "module": "FaceTime", 
        "id": "CVE-2014-1274", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A malicious application may monitor on user actions in other apps", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An interface in IOKit framework allowed malicious apps to monitor on user actions in other apps. This issue was addressed through improved access control policies in the framework.", 
        "update": "", 
        "module": "IOKit HID Event", 
        "id": "CVE-2014-1276 ", 
        "credit": "Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "Deleted images may still appear in the Photos app underneath transparent images", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Deleting an image from the asset library did not delete cached versions of the image. This issue was addressed through improved cache management.", 
        "update": "", 
        "module": "Photos Backend", 
        "id": "CVE-2014-1281 ", 
        "credit": "Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A person with physical access to the device may be able to see the home screen of the device even if the device has not been activated", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An unexpected application termination during activation could cause the phone to show the home screen. The issue was addressed through improved error handling during activation.", 
        "update": "", 
        "module": "Springboard", 
        "id": "CVE-2014-1285 ", 
        "credit": "Roboboi99", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A remote attacker may be able to cause the lock screen to become unresponsive", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A state management issue existed in the lock screen. This issue was addressed through improved state management.", 
        "update": "", 
        "module": "SpringBoard Lock Screen", 
        "id": "CVE-2014-1286 ", 
        "credit": "Bogdan Alecu of M-sec.net", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state.", 
        "update": "", 
        "module": "Settings - Accounts", 
        "id": "CVE-2014-2019", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6162"
    }, 
    {
        "impact": "Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2012-2088", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed through additional validation of JPEG files.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2013-6629 ", 
        "credit": "Michal Zalewski", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "Profile expiration dates were not honored", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "Expiration dates of mobile configuration profiles were not evaluated correctly. The issue was resolved through improved handling of configuration profiles.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1267", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "A malicious application can cause an unexpected system termination", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A reachable assertion issue existed in CoreCapture's handling of IOKit API calls. The issue was addressed through additional validation of input from IOKit.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1271 ", 
        "credit": "Filippo Bigarella", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "A local user may be able to change permissions on arbitrary files", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1272 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "Code signing requirements may be bypassed", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1273 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A buffer overflow existed in the handling of JPEG2000 images in PDF files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1275 ", 
        "credit": "Felix Groebert of the Google Security Team", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1278 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "An attacker with access to an Apple TV may access sensitive user information from logs", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "Sensitive user information was logged. This issue was addressed by logging less information.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1279 ", 
        "credit": "David Schuetz working at Intrepidus Group", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "Playing a maliciously crafted video could lead to the device becoming unresponsive", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A null dereference issue existed in the handling of MPEG-4 encoded files. This issue was addressed through improved memory handling.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1280 ", 
        "credit": "rg0rd", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "A configuration profile may be hidden from the user", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A configuration profile with a long name could be loaded onto the device but was not displayed in the profile UI. The issue was addressed through improved handling of profile names.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1282 ", 
        "credit": "Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "A person with physical access to the device may be able to cause arbitrary code execution in kernel mode", 
        "available": "Apple TV (2nd generation and later)", 
        "description": "A memory corruption issue existed in the handling of USB messages. This issue was addressed through additional validation of USB messages.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1287 ", 
        "credit": "Andy Davis of NCC Group", 
        "page": "http://support.apple.com/en-us/HT6163"
    }, 
    {
        "impact": "An attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2", 
        "description": "A logic issue existed in the handling of IPC messages from the WebProcess. This issue was addressed through additional validation of IPC messages.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-1297 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6181"
    }, 
    {
        "impact": "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL", 
        "available": "Apple TV 2nd generation and later", 
        "description": "In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1295 ", 
        "credit": "Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris", 
        "page": "http://support.apple.com/en-us/HT6209"
    }, 
    {
        "impact": "An attacker in a privileged network position can obtain web site credentials", 
        "available": "Apple TV 2nd generation and later", 
        "description": "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1296 ", 
        "credit": "Antoine Delignat-Lavaud of Prosecco at Inria Paris", 
        "page": "http://support.apple.com/en-us/HT6209"
    }, 
    {
        "impact": "A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization", 
        "available": "Apple TV 2nd generation and later", 
        "description": "A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1320 ", 
        "credit": "Ian Beer of Google Project Zero working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6209"
    }, 
    {
        "impact": "An attacker in a privileged network position can obtain iTunes credentials", 
        "available": "Windows 8, Windows 7, Vista, and XP SP3 or later", 
        "description": "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1296", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6245"
    }, 
    {
        "impact": "Viewing a maliciously crafted audio or movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, and XP SP3 or later", 
        "description": "A memory corruption issue existed in iTunes MP4 parsing. This issue was addressed through additional bounds checking.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-8842 ", 
        "credit": "Karl Smith of NCC Group", 
        "page": "http://support.apple.com/en-us/HT6245"
    }, 
    {
        "impact": "A local user can compromise other local user accounts", 
        "available": "Mac OS X v10.6.8 or later", 
        "description": "", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1347", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6251"
    }, 
    {
        "impact": "Dragging a URL from a maliciously crafted website to another window could lead to the disclosure of local file content", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3", 
        "description": "", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-1369 ", 
        "credit": "Aaron Sigel of vtty.com", 
        "page": "http://support.apple.com/en-us/HT6293"
    }, 
    {
        "impact": "A remote attacker may be able to gain access to another user's session", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session.", 
        "update": "", 
        "module": "curl", 
        "id": "CVE-2014-0015", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "An attacker with access to a system may be able to recover Apple ID credentials", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials.", 
        "update": "", 
        "module": "iBooks Commerce", 
        "id": "CVE-2014-1317 ", 
        "credit": "Steve Dunham", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "copyfile", 
        "id": "CVE-2014-1370 ", 
        "credit": "Chaitanya (SegFault) working with iDefense VCP", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A sandboxed application may be able to circumvent sandbox restrictions", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "An unvalidated array index issue existed in the Dock\u2019s handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.", 
        "update": "", 
        "module": "Dock", 
        "id": "CVE-2014-1371 ", 
        "credit": "an anonymous researcher working with HP's Zero Day Initiative", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A local user can read kernel memory, which can be used to bypass kernel address space layout randomization", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Graphics Driver", 
        "id": "CVE-2014-1372 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-1373 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-1375", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Compute", 
        "id": "CVE-2014-1376 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2014-1377 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer.", 
        "update": "", 
        "module": "IOGraphicsFamily", 
        "id": "CVE-2014-1378", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3", 
        "description": "Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges.", 
        "update": "", 
        "module": "Graphics Drivers", 
        "id": "CVE-2014-1379 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "An attacker may be able to type into windows under the screen lock", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management.", 
        "update": "", 
        "module": "Security - Keychain", 
        "id": "CVE-2014-1380 ", 
        "credit": "Ben Langfeld of Mojo Lingo LLC", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mavericks 10.9 to 10.9.3", 
        "description": "An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Thunderbolt", 
        "id": "CVE-2014-1381 ", 
        "credit": "Sarah aka winocm\n\nEntry updated February 3, 2020", 
        "page": "http://support.apple.com/en-us/HT6296"
    }, 
    {
        "impact": "A maliciously crafted website may be able to spoof its domain name in the address bar", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-1345 ", 
        "credit": "Erling Ellingsen of Facebook", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-1346 ", 
        "credit": "Erling Ellingsen of Facebook", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2014-1349 ", 
        "credit": "Reno Robert and Dhanesh Kizhakkinan", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state.", 
        "update": "", 
        "module": "Settings", 
        "id": "CVE-2014-1350", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "A person with physical access to the phone may be able to view all contacts", 
        "available": "iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later", 
        "description": "If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode.", 
        "update": "", 
        "module": "Siri", 
        "id": "CVE-2014-1351 ", 
        "credit": "Sherif Hashim", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "An attacker in possession of a device may exceed the maximum number of failed passcode attempts", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.", 
        "update": "", 
        "module": "Lock Screen", 
        "id": "CVE-2014-1352 ", 
        "credit": "mblsec", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.", 
        "update": "", 
        "module": "Lock Screen", 
        "id": "CVE-2014-1353", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "CoreGraphics", 
        "id": "CVE-2014-1354 ", 
        "credit": "Dima Kovalenko of codedigging.com", 
        "page": "http://support.apple.com/en-us/HT6297"
    }, 
    {
        "impact": "An application could cause the device to unexpectedly restart", 
        "available": "Apple TV 2nd generation and later", 
        "description": "A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1355 ", 
        "credit": "cunzhang from Adlab of Venustech", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV 2nd generation and later", 
        "description": "A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1356 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV 2nd generation and later", 
        "description": "A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1357 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV 2nd generation and later", 
        "description": "An integer overflow existed in launchd. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1358 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV 2nd generation and later", 
        "description": "An integer underflow existed in launchd. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1359 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "Two bytes of memory could be disclosed to a remote attacker", 
        "available": "Apple TV 2nd generation and later", 
        "description": "An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1361 ", 
        "credit": "Thijs Alkemade of The Adium Project", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "An iTunes Store transaction may be completed with insufficient authorization", 
        "available": "Apple TV 2nd generation and later", 
        "description": "A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. This issue was addressed by additional enforcement of purchase authorization.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-1383 ", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6298"
    }, 
    {
        "impact": "An attacker with a privileged network position may intercept user credentials", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5", 
        "description": "Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2014-4363 ", 
        "credit": "David Silver, Suman Jana, and Dan Boneh of Stanford University working with Eric Chen and Collin Jackson of Carnegie Mellon University", 
        "page": "http://support.apple.com/en-us/HT6440"
    }, 
    {
        "impact": "A malicious website may be able to track users even when private browsing is enabled", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5", 
        "description": "A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2014-4409 ", 
        "credit": "Yosuke Hasegawa (NetAgent Co., Led.)", 
        "page": "http://support.apple.com/en-us/HT6440"
    }, 
    {
        "impact": "User credentials may be disclosed to an unintended site via autofill", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2013-5227 ", 
        "credit": "Niklas Malmgren of Klarna AB", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Tapping on a FaceTime link in Mail would trigger a FaceTime audio call without prompting", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "", 
        "update": "", 
        "module": "Data Detectors", 
        "id": "CVE-2013-6835 ", 
        "credit": "Guillaume Ross", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A person with physical access to an iOS device may potentially read email attachments", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments.", 
        "update": "", 
        "module": "Mail", 
        "id": "CVE-2014-1348 ", 
        "credit": "Andreas Kurtz of NESO Security Labs", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A device can be manipulated into incorrectly presenting the home screen when the device is activation locked", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed with unlocking behavior that caused a device to proceed to the home screen even if it should still be in an activation locked state. This was addressed by changing the information a device verifies during an unlock request.", 
        "update": "", 
        "module": "Lockdown", 
        "id": "CVE-2014-1360", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A person with physical access to an iOS device may read the address book", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "The address book was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the address book with a key protected by the hardware UID and the user's passcode.", 
        "update": "", 
        "module": "Address Book", 
        "id": "CVE-2014-4352 ", 
        "credit": "Jonathan Zdziarski", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Attachments may persist after the parent iMessage or MMS is deleted", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A race condition existed in how attachments were deleted. This issue was addressed by conducting additional checks on whether an attachment has been deleted.", 
        "update": "", 
        "module": "iMessage", 
        "id": "CVE-2014-4353 ", 
        "credit": "Silviu Schiau", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Bluetooth is unexpectedly enabled by default after upgrading iOS", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Bluetooth was enabled automatically after upgrading iOS. This was addressed by only turning on Bluetooth for major or minor version updates.", 
        "update": "", 
        "module": "Bluetooth", 
        "id": "CVE-2014-4354 ", 
        "credit": "Maneet Singh, Sean Bluestein", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Text message previews may appear at the lock screen even when this feature is disabled", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed in the previewing of text message notifications at the lock screen. As a result, the contents of received messages would be shown at the lock screen even when previews were disabled in Settings. The issue was addressed through improved observance of this setting.", 
        "update": "", 
        "module": "Settings", 
        "id": "CVE-2014-4356 ", 
        "credit": "Mattia Schirinzi from San Pietro Vernotico (BR), Italy", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A background app can determine which app is frontmost", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "The private API for determining the frontmost app did not have sufficient access control. This issue was addressed through additional access control.", 
        "update": "", 
        "module": "Home & Lock Screen", 
        "id": "CVE-2014-4361 ", 
        "credit": "Andreas Kurtz of NESO Security Labs and Markus Tro\u00dfbach of Heilbronn University", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Apple ID information is accessible by third-party apps", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An information disclosure issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.", 
        "update": "", 
        "module": "Sandbox Profiles", 
        "id": "CVE-2014-4362 ", 
        "credit": "Andreas Kurtz of NESO Security Labs and Markus Tro\u00dfbach of Heilbronn University", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Login credentials can be sent in plaintext even if the server has advertised the LOGINDISABLED IMAP capability", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Mail sent the LOGIN command to servers even if they had advertised the LOGINDISABLED IMAP capability. This issue is mostly a concern when connecting to servers that are configured to accept non-encrypted connections and that advertise LOGINDISABLED. This issue was addressed by respecting the LOGINDISABLED IMAP capability.", 
        "update": "", 
        "module": "Mail", 
        "id": "CVE-2014-4366 ", 
        "credit": "Mark Crispin", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "Voice Dial is unexpectedly enabled after upgrading iOS", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Voice Dial was enabled automatically after upgrading iOS. This issue was addressed through improved state management.", 
        "update": "", 
        "module": "Profiles", 
        "id": "CVE-2014-4367 ", 
        "credit": "Sven Heinemann", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "The device may not lock the screen when using AssistiveTouch", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A logic issue existed in AssistiveTouch's handling of events, which resulted in the screen not locking. This issue was addressed through improved handling of the lock timer.", 
        "update": "", 
        "module": "Accessibility", 
        "id": "CVE-2014-4368 ", 
        "credit": "Hendrik Bettermann", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A local attacker may be able to escalate privileges and install unverified applications", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A path traversal issue existed in App Installation. A local attacker could have retargeted code signature validation to a bundle different from the one being installed and cause installation of an unverified app. This issue was addressed by detecting and preventing path traversal when determining which code signature to verify.", 
        "update": "", 
        "module": "App Installation", 
        "id": "CVE-2014-4384 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A local attacker may be able to escalate privileges and install unverified applications", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A race condition existed in App Installation. An attacker with the capability of writing to /tmp may have been able to install an unverified app. This issue was addressed by staging files for installation in another directory.", 
        "update": "", 
        "module": "App Installation", 
        "id": "CVE-2014-4386 ", 
        "credit": "evad3rs", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "A malicious application may be able to identify the Apple ID of the user", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed in the access control logic for accounts. A sandboxed application could get information about the currently-active iCloud account, including the name of the account. This issue was addressed by restricting access to certain account types from unauthorized applications.", 
        "update": "", 
        "module": "Accounts", 
        "id": "CVE-2014-4423 ", 
        "credit": "Adam Weaver", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "An attacker in a privileged network position may spoof URLs on Safari", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A user interface inconsistency existed in Safari on MDM-enabled devices. The issue was addressed through improved user interface consistency checks.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2014-8841 ", 
        "credit": "Angelo Prado of Salesforce Product Security", 
        "page": "http://support.apple.com/en-us/HT6441"
    }, 
    {
        "impact": "An attacker with access to an device may access sensitive user information from logs", 
        "available": "Apple TV 3rd generation and later", 
        "description": "Sensitive user information was logged. This issue was addressed by logging less information.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4357 ", 
        "credit": "Heli Myllykoski of OP-Pohjola Group", 
        "page": "http://support.apple.com/en-us/HT6442"
    }, 
    {
        "impact": "A local user may be able to change permissions on arbitrary files", 
        "available": "Apple TV 3rd generation and later", 
        "description": "syslogd followed symbolic links while changing permissions on files. This issue was addressed through improved handling of symbolic links.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4372 ", 
        "credit": "Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC)", 
        "page": "http://support.apple.com/en-us/HT6442"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "Apple TV 3rd generation and later", 
        "description": "A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4375", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6442"
    }, 
    {
        "impact": "An attacker with a privileged network position may be able to cause a device to think that it is up to date even when it is not", 
        "available": "Apple TV 3rd generation and later", 
        "description": "A validation issue existed in the handling of update check responses. Spoofed dates from Last-Modified response headers set to future dates were used for If-Modified-Since checks in subsequent update requests. This issue was addressed by validation of the Last-Modified header.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4383 ", 
        "credit": "Raul Siles of DinoSec", 
        "page": "http://support.apple.com/en-us/HT6442"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2013-7345", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za.", 
        "update": "", 
        "module": "OpenSSL", 
        "id": "CVE-2014-0076", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-0185", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za.", 
        "update": "", 
        "module": "OpenSSL", 
        "id": "CVE-2014-0195", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-0207", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za.", 
        "update": "", 
        "module": "OpenSSL", 
        "id": "CVE-2014-0221", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za.", 
        "update": "", 
        "module": "OpenSSL", 
        "id": "CVE-2014-0224", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-0237", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-0238", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-1943", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-2270", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A remote attacker may be able to cause arbitrary code execution", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6", 
        "update": "", 
        "module": "ruby", 
        "id": "CVE-2014-2525", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za.", 
        "update": "", 
        "module": "OpenSSL", 
        "id": "CVE-2014-3470", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3478", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3479", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3480", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3487", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3515", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-3981", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP 5.4.24", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2014-4049", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "An application using NSXMLParser may be misused to disclose information", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.", 
        "update": "", 
        "module": "Foundation", 
        "id": "CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments.", 
        "update": "", 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2014-4376 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "CoreGraphics", 
        "id": "CVE-2014-4377 ", 
        "credit": "Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "CoreGraphics", 
        "id": "CVE-2014-4378 ", 
        "credit": "Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2014-4379 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with root privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking", 
        "update": "", 
        "module": "Libnotify", 
        "id": "CVE-2014-4381 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2014-4389 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Bluetooth", 
        "id": "CVE-2014-4390 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4393 ", 
        "credit": "Apple", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4394 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4395 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4396 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4397 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4398 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4399 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4400 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4401 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2014-4402 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A local user can infer kernel addresses and bypass kernel address space layout randomization", 
        "available": "OS X Mavericks v10.9 to v10.9.4", 
        "description": "In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4403 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9 to v10.9.4", 
        "description": "Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2014-4416 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "http://support.apple.com/en-us/HT6443"
    }, 
    {
        "impact": "A malicious attacker may be able to cause Subversion to terminate unexpectedly", 
        "available": "OS X Mavericks v10.9.4 or later", 
        "description": "A denial of service issue existed in Subversion when SVNListParentPath was enabled. This issue was addressed by updating Subversion to version 1.7.17.", 
        "update": "", 
        "module": "subversion", 
        "id": "CVE-2014-0032", 
        "credit": "", 
        "page": "http://support.apple.com/en-us/HT6444"
    }, 
    {
        "impact": "An attacker in possession of a device may exceed the maximum number of failed passcode attempts", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.", 
        "update": "", 
        "module": "Lock Screen", 
        "id": "CVE-2014-4451 ", 
        "credit": "Stuart Ryan of University of Technology, Sydney", 
        "page": "https://support.apple.com/en-us/HT204418"
    }, 
    {
        "impact": "A malicious application may be able to launch arbitrary binaries on a trusted device", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.", 
        "update": "", 
        "module": "Sandbox Profiles", 
        "id": "CVE-2014-4457 ", 
        "credit": "@PanguTeam", 
        "page": "https://support.apple.com/en-us/HT204418"
    }, 
    {
        "impact": "A person with physical access to the phone may be able to access photos in the Photo Library", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "The Leave a Message option in FaceTime may have allowed viewing and sending photos from the device. This issue was addressed through improved state management.", 
        "update": "", 
        "module": "Lock Screen", 
        "id": "CVE-2014-4463", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT204418"
    }, 
    {
        "impact": "Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers", 
        "available": "OS X Yosemite v10.10", 
        "description": "The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user's approximate location before a user entered a query. This issue was addressed by removing this information from the initial connection and only sending the user's approximate location as part of queries.", 
        "update": "", 
        "module": "Spotlight", 
        "id": "CVE-2014-4453 ", 
        "credit": "Ashkan Soltani", 
        "page": "https://support.apple.com/en-us/HT204419"
    }, 
    {
        "impact": "Unnecessary information is included as part of a connection to Apple to determine the system model", 
        "available": "OS X Yosemite v10.10", 
        "description": "The request made by About This Mac to determine the model of the system and direct users to the correct help resources included unnecessary cookies. This issue was addressed by removing cookies from the connection.", 
        "update": "", 
        "module": "System Profiler About This Mac", 
        "id": "CVE-2014-4458 ", 
        "credit": "Landon Fuller of Plausible Labs", 
        "page": "https://support.apple.com/en-us/HT204419"
    }, 
    {
        "impact": "Website cache may not be fully cleared after leaving private browsing", 
        "available": "OS X Yosemite v10.10", 
        "description": "A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior.", 
        "update": "", 
        "module": "CFNetwork", 
        "id": "CVE-2014-4460", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT204419"
    }, 
    {
        "impact": "A local user may be able to execute unsigned code", 
        "available": "Apple TV 3rd generation and later", 
        "description": "A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4455 ", 
        "credit": "@PanguTeam", 
        "page": "https://support.apple.com/en-us/HT204420"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV 3rd generation and later", 
        "description": "A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4461 ", 
        "credit": "@PanguTeam", 
        "page": "https://support.apple.com/en-us/HT204420"
    }, 
    {
        "impact": "An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV 3rd generation and later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4462", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT204420"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1", 
        "description": "Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.", 
        "update": "", 
        "module": "ntpd", 
        "id": "CVE-2014-9295 ", 
        "credit": "Stephen Roettger of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT204425"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-1391 ", 
        "credit": "Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6493"
    }, 
    {
        "impact": "Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-4350 ", 
        "credit": "s3tm3m working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6493"
    }, 
    {
        "impact": "Playing a maliciously crafted m4a file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A buffer overflow existed in the handling of audio samples. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-4351 ", 
        "credit": "Karl Smith of NCC Group", 
        "page": "https://support.apple.com/en-us/HT6493"
    }, 
    {
        "impact": "Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7, Vista, XP SP2 or later", 
        "description": "A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "QuickTime", 
        "id": "CVE-2014-4979 ", 
        "credit": "Andrea Micalizzi aka rgod working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6493"
    }, 
    {
        "impact": "A person with a privileged network position may cause a denial of service", 
        "available": "", 
        "description": "A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2011-2391 ", 
        "credit": "Marc Heuse", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "History of pages recently visited in an open tab may remain after clearing of history", 
        "available": "", 
        "description": "Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2013-5150", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Multiple vulnerabilities in Apache", 
        "available": "", 
        "description": "Multiple vulnerabilities existed in Apache, the most serious of which may lead to a denial of service. These issues were addressed by updating Apache to version 2.4.9.", 
        "update": "", 
        "module": "apache", 
        "id": "CVE-2013-6438", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Multiple vulnerabilities in Apache", 
        "available": "", 
        "description": "Multiple vulnerabilities existed in Apache, the most serious of which may lead to a denial of service. These issues were addressed by updating Apache to version 2.4.9.", 
        "update": "", 
        "module": "apache", 
        "id": "CVE-2014-0098", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user can execute arbitrary code with system privileges", 
        "available": "", 
        "description": "When the CUPS web interface served files, it would follow symlinks. A local user could create symlinks to arbitrary files and retrieve them through the web interface. This issue was addressed by disallowing symlinks to be served via the CUPS web interface.", 
        "update": "", 
        "module": "CUPS", 
        "id": "CVE-2014-3537", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "An attacker can obtain WiFi credentials", 
        "available": "", 
        "description": "An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.", 
        "update": "", 
        "module": "802.1X", 
        "id": "CVE-2014-4364 ", 
        "credit": "Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "", 
        "description": "Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4371 ", 
        "credit": "Fermin J. Serna of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "An application may cause a denial of service", 
        "available": "", 
        "description": "A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed through improved error handling.", 
        "update": "", 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2014-4373 ", 
        "credit": "cunzhang from Adlab of Venustech", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "", 
        "description": "A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4375 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A user may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2014-4380 ", 
        "credit": "cunzhang from Adlab of Venustech", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2014-4388 ", 
        "credit": "@PanguTeam", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Tampered applications may not be prevented from launching", 
        "available": "", 
        "description": "Apps signed on OS X prior to OS X Mavericks 10.9 or apps using custom resource rules, may have been susceptible to tampering that would not have invalidated the signature. On systems set to allow only apps from the Mac App Store and identified developers, a downloaded modified app could have been allowed to run as though it were legitimate. This issue was addressed by ignoring signatures of bundles with resource envelopes that omit resources that may influence execution. OS X Mavericks v10.9.5 and Security Update 2014-004 for OS X Mountain Lion v10.8.5 already contain these changes.", 
        "update": "", 
        "module": "Security - Code Signing", 
        "id": "CVE-2014-4391 ", 
        "credit": "Christopher Hickstein working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2014-4404 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2014-4405 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious application may be able to read uninitialized data from kernel memory", 
        "available": "", 
        "description": "An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2014-4407 ", 
        "credit": "@PanguTeam", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "", 
        "description": "An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4408", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Opting in to push notifications from a maliciously crafted website may cause future Safari Push Notifications to be missed", 
        "available": "", 
        "description": "An uncaught exception issue existed in SafariNotificationAgent's handling of Safari Push Notifications. This issue was addressed through improved handling of Safari Push Notifications.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2014-4417 ", 
        "credit": "Marek Isalski of Faelix Limited", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2014-4418 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "", 
        "description": "Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4419 ", 
        "credit": "Fermin J. Serna of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "", 
        "description": "Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4420 ", 
        "credit": "Fermin J. Serna of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "", 
        "description": "Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4421 ", 
        "credit": "Fermin J. Serna of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Some kernel hardening measures may be bypassed", 
        "available": "", 
        "description": "The random number generator used for kernel hardening measures early in the boot process was not cryptographically secure. Some of its output was inferable from user space, allowing bypass of the hardening measures. This issue was addressed by using a cryptographically secure algorithm.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4422 ", 
        "credit": "Tarjei Mandt of Azimuth Security", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "The 'require password after sleep or screen saver begins' preference may not be respected until after a reboot", 
        "available": "", 
        "description": "A session management issue existed in the handling of system preference settings. This issue was addressed through improved session tracking.", 
        "update": "", 
        "module": "CFPreferences", 
        "id": "CVE-2014-4425", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A remote attacker could determine all the network addresses of the system", 
        "available": "", 
        "description": "The AFP file server supported a command which returned all the network addresses of the system. This issue was addressed by removing the addresses from the result.", 
        "update": "", 
        "module": "AFP File Server", 
        "id": "CVE-2014-4426 ", 
        "credit": "Craig Young of Tripwire VERT", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "An application confined by sandbox restrictions may misuse the accessibility API", 
        "available": "", 
        "description": "A sandboxed application could misuse the accessibility API without the user's knowledge. This has been addressed by requiring administrator approval to use the accessibility API on an per-application basis.", 
        "update": "", 
        "module": "App Sandbox", 
        "id": "CVE-2014-4427 ", 
        "credit": "Paul S. Ziegler of Reflare UG", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "An encrypted volume may stay unlocked when ejected", 
        "available": "", 
        "description": "When an encrypted volume was logically ejected while mounted, the volume was unmounted but the keys were retained, so it could have been mounted again without the password. This issue was addressed by erasing the keys on eject.", 
        "update": "", 
        "module": "CoreStorage", 
        "id": "CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC, Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and other anonymous researchers", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "In some circumstances, windows may be visible even when the screen is locked", 
        "available": "", 
        "description": "A state management issue existed in the handling of the screen lock. This issue was addressed through improved state tracking.", 
        "update": "", 
        "module": "Dock", 
        "id": "CVE-2014-4431 ", 
        "credit": "Emil Sj\u00f6lander of Ume\u00e5 University", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "The fdesetup command may provide misleading status for the state of encryption on disk", 
        "available": "", 
        "description": "After updating settings, but before rebooting, the fdesetup command provided misleading status. This issue was addressed through improved status reporting.", 
        "update": "", 
        "module": "fdesetup", 
        "id": "CVE-2014-4432", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A maliciously crafted file system may cause unexpected system shutdown or arbitrary code execution", 
        "available": "", 
        "description": "A heap-based buffer overflow issue existed in the handling of HFS resource forks. A maliciously crafted filesystem may cause an unexpected system shutdown or arbitrary code execution with kernel privileges. The issue was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4433 ", 
        "credit": "Maksymilian Arciemowicz", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A malicious file system may cause unexpected system shutdown", 
        "available": "", 
        "description": "A NULL dereference issue existed in the handling of HFS filenames. A maliciously crafted filesystem may cause an unexpected system shutdown. This issue was addressed by avoiding the NULL dereference.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4434 ", 
        "credit": "Maksymilian Arciemowicz", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "iCloud Lost mode PIN may be bruteforced", 
        "available": "", 
        "description": "A state persistence issue in rate limiting allowed brute force attacks on iCloud Lost mode PIN. This issue was addressed through improved state persistence across reboots.", 
        "update": "", 
        "module": "iCloud Find My Mac", 
        "id": "CVE-2014-4435 ", 
        "credit": "knoy", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "An application may cause a denial of service", 
        "available": "", 
        "description": "A out-of-bounds memory read was present in the IOHIDFamily driver. The issue was addressed through improved input validation.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2014-4436 ", 
        "credit": "cunzhang from Adlab of Venustech", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local application may bypass sandbox restrictions", 
        "available": "", 
        "description": "The LaunchServices interface for setting content type handlers allowed sandboxed applications to specify handlers for existing content types. A compromised application could use this to bypass sandbox restrictions. The issue was addressed by restricting sandboxed applications from specifying content type handlers.", 
        "update": "", 
        "module": "LaunchServices", 
        "id": "CVE-2014-4437 ", 
        "credit": "Meder Kydyraliev of the Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Sometimes the screen might not lock", 
        "available": "", 
        "description": "A race condition existed in LoginWindow, which would sometimes prevent the screen from locking. The issue was addressed by changing the order of operations.", 
        "update": "", 
        "module": "LoginWindow", 
        "id": "CVE-2014-4438 ", 
        "credit": "Harry Sintonen of nSense, Alessandro Lobina of Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Mail may send email to unintended recipients", 
        "available": "", 
        "description": "A user interface inconsistency in Mail application resulted in email being sent to addresses that were removed from the list of recipients. The issue was addressed through improved user interface consistency checks.", 
        "update": "", 
        "module": "Mail", 
        "id": "CVE-2014-4439 ", 
        "credit": "Patrick J Power of Melbourne, Australia", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "When mobile configuration profiles were uninstalled, their settings were not removed", 
        "available": "", 
        "description": "Web proxy settings installed by a mobile configuration profile were not removed when the profile was uninstalled. This issue was addressed through improved handling of profile uninstallation.", 
        "update": "", 
        "module": "MCX Desktop Config Profiles", 
        "id": "CVE-2014-4440 ", 
        "credit": "Kevin Koster of Cloudpath Networks", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "File Sharing may enter a state in which it cannot be disabled", 
        "available": "", 
        "description": "A state management issue existed in the File Sharing framework. This issue was addressed through improved state management.", 
        "update": "", 
        "module": "NetFS Client Framework", 
        "id": "CVE-2014-4441 ", 
        "credit": "Eduardo Bonsi of BEARTCOMMUNICATIONS", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user can cause an unexpected system termination", 
        "available": "", 
        "description": "A reachable panic existed in the handling of messages sent to system control sockets. This issue was addressed through additional validation of messages.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2014-4442 ", 
        "credit": "Darius Davis of VMware", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A remote attacker may be able to cause a denial of service", 
        "available": "", 
        "description": "A null dereference existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2014-4443 ", 
        "credit": "Coverity", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "A local user might have access to another user's Kerberos tickets", 
        "available": "", 
        "description": "A state management issue existed in SecurityAgent. While Fast User Switching, sometimes a Kerberos ticket for the switched-to user would be placed in the cache for the previous user. This issue was addressed through improved state management.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2014-4444 ", 
        "credit": "Gary Simon of Sandia National Laboratories, Ragnar Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of Kaspersky Lab", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "In certain configurations, a remote attacker may be able to execute arbitrary shell commands", 
        "available": "", 
        "description": "An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement.", 
        "update": "", 
        "module": "Bash", 
        "id": "CVE-2014-6271 ", 
        "credit": "Stephane Chazelas", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "In certain configurations, a remote attacker may be able to execute arbitrary shell commands", 
        "available": "", 
        "description": "An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement.", 
        "update": "", 
        "module": "Bash", 
        "id": "CVE-2014-7169 ", 
        "credit": "Tavis Ormandy", 
        "page": "https://support.apple.com/en-us/HT6535"
    }, 
    {
        "impact": "Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2", 
        "update": "", 
        "module": "BIND", 
        "id": "CVE-2013-3919", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in LibYAML, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in LibYAML. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format.", 
        "update": "", 
        "module": "Profile Manager", 
        "id": "CVE-2013-4164", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2", 
        "update": "", 
        "module": "BIND", 
        "id": "CVE-2013-4854", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in LibYAML, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in LibYAML. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format.", 
        "update": "", 
        "module": "Profile Manager", 
        "id": "CVE-2013-6393", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0060", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0061", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0062", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0063", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0064", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0065", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-0066", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2", 
        "update": "", 
        "module": "BIND", 
        "id": "CVE-2014-0591", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to a cross-site scripting attack", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-4406 ", 
        "credit": "David Hoyt of Hoyt LLC", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary SQL queries", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries.", 
        "update": "", 
        "module": "CoreCollaboration", 
        "id": "CVE-2014-4424 ", 
        "credit": "Sajjad Pourali (sajjad@securation.com) of CERT of Ferdowsi University of Mashhad", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "Group SACL changes for Mail may not be respected until after a restart of the Mail service", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "SACL settings for Mail were cached and changes to the SACLs were not respected until after a restart of the Mail service. This issue was addressed by resetting the cache upon changes to the SACLs.", 
        "update": "", 
        "module": "Mail Service", 
        "id": "CVE-2014-4446 ", 
        "credit": "Craig Courtney", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "A local user may obtain passwords after setting up or editing profiles in Profile Manager", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "In certain circumstances, setting up or editing profiles in Profile Manager may have logged passwords to a file. This issue was addressed through improved handling of credentials.", 
        "update": "", 
        "module": "Profile Manager", 
        "id": "CVE-2014-4447 ", 
        "credit": "Mayo Jordanov", 
        "page": "https://support.apple.com/en-us/HT6536"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2871 ", 
        "credit": "miaubiz", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2875 ", 
        "credit": "miaubiz", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2909 ", 
        "credit": "Atte Kettunen of OUSPG", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2926 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2927 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-2928 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5195 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5196 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5197 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5198 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5199 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5225 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-5228 ", 
        "credit": "Keen Team (@K33nTeam) working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-6625 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-6635 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2013-6663 ", 
        "credit": "Atte Kettunen of OUSPG", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1268 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1269 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1270 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1289 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1290 ", 
        "credit": "ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1291 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1292 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1293 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1294 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1298 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1299 ", 
        "credit": "Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1300 ", 
        "credit": "Ian Beer of Google Project Zero working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1301 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1302 ", 
        "credit": "Google Chrome Security Team, Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1303 ", 
        "credit": "KeenTeam working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1304 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1305 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1307 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1308 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1309 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1310 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1311 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1312 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1313 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1323 ", 
        "credit": "banty", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1324 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1325 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1326 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1327 ", 
        "credit": "Google Chrome Security Team, Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1329 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1330 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1331 ", 
        "credit": "cloudfuzzer", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1333 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1334 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1335 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1336 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1337 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1338 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1339 ", 
        "credit": "Atte Kettunen of OUSPG", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1340 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1341 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1342 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1343 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1344 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1362 ", 
        "credit": "Apple, miaubiz", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1363 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1364 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1365 ", 
        "credit": "Apple, Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1366 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1367 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1368 ", 
        "credit": "Wushi of Keen Team (Research Team of Keen Cloud Tech)", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1382 ", 
        "credit": "Renata Hodovan of University of Szeged / Samsung Electronics", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1384 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1385 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1386 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1387 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1388 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1389 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1390 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1713 ", 
        "credit": "VUPEN working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-1731 ", 
        "credit": "an anonymous member of the Blink development community", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4410 ", 
        "credit": "Eric Seidel of Google", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4411 ", 
        "credit": "Google Chrome Security Team", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4412 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4413 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4414 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 8, Windows 7, Vista, XP SP2 or later", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": "", 
        "module": "iTunes", 
        "id": "CVE-2014-4415 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT6537"
    }, 
    {
        "impact": "Files transferred to the device may be written with insufficient cryptographic protection", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Files could be transferred to an app's Documents directory and encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the transferred files with a key protected by the hardware UID and the user's passcode.", 
        "update": "", 
        "module": "House Arrest", 
        "id": "CVE-2014-4448 ", 
        "credit": "Jonathan Zdziarski and Kevin DeLong", 
        "page": "https://support.apple.com/en-us/HT6541"
    }, 
    {
        "impact": "An attacker in a privileged network position may force iCloud data access clients to leak sensitive information", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A TLS certificate validation vulnerability existed in iCloud data access clients. This issue was addressed by improved certificate validation.", 
        "update": "", 
        "module": "iCloud Data Access", 
        "id": "CVE-2014-4449 ", 
        "credit": "Carl Mehner of USAA", 
        "page": "https://support.apple.com/en-us/HT6541"
    }, 
    {
        "impact": "QuickType could learn users' credentials", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "QuickType could learn users' credentials when switching between elements. This issue was addressed by QuickType not learning from fields where autocomplete is disabled and reapplying the criteria when switching between DOM input elements in legacy WebKit.", 
        "update": "", 
        "module": "Keyboards", 
        "id": "CVE-2014-4450", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT6541"
    }, 
    {
        "impact": "An attacker may be able to decrypt data protected by SSL", 
        "available": "Apple TV 3rd generation and later", 
        "description": "There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-3566 ", 
        "credit": "Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team", 
        "page": "https://support.apple.com/en-us/HT6542"
    }, 
    {
        "impact": "A malicious Bluetooth input device may bypass pairing", 
        "available": "Apple TV 3rd generation and later", 
        "description": "Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy accessories. If a device had paired with such an accessory, an attacker could spoof the legitimate accessory to establish a connection. The issue was addressed by denying unencrypted HID connections.", 
        "update": "", 
        "module": "Apple TV", 
        "id": "CVE-2014-4428 ", 
        "credit": "Mike Ryan of iSEC Partners", 
        "page": "https://support.apple.com/en-us/HT6542"
    }
]