-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update
2014-001

OS X Mavericks 10.9.2 and Security Update 2014-001 is now available
and addresses the following:

Apache
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Multiple vulnerabilities in Apache
Description:  Multiple vulnerabilities existed in Apache, the most
serious of which may lead to cross-site scripting. These issues were
addressed by updating Apache to version 2.2.26.
CVE-ID
CVE-2013-1862
CVE-2013-1896

App Sandbox
Available for:  OS X Mountain Lion v10.8.5
Impact:  The App Sandbox may be bypassed
Description:  The LaunchServices interface for launching an
application allowed sandboxed apps to specify the list of arguments
passed to the new process. A compromised sandboxed application could
abuse this to bypass the sandbox. This issue was addressed by
preventing sandboxed applications from specifying arguments. This
issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR

ATS
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact:  Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description:  A memory corruption issue existed in the handling of
handling of Type 1 fonts. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1254 : Felix Groebert of the Google Security Team

ATS
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  The App Sandbox may be bypassed
Description:  A memory corruption issue existed in the handling of
Mach messages passed to ATS. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1262 : Meder Kydyraliev of the Google Security Team

ATS
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  The App Sandbox may be bypassed
Description:  An arbitrary free issue existed in the handling of Mach
messages passed to ATS. This issue was addressed through additional
validation of Mach messages.
CVE-ID
CVE-2014-1255 : Meder Kydyraliev of the Google Security Team

ATS
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  The App Sandbox may be bypassed
Description:  A buffer overflow issue existed in the handling of Mach
messages passed to ATS. This issue was addressed by additional bounds
checking.
CVE-ID
CVE-2014-1256 : Meder Kydyraliev of the Google Security Team

Certificate Trust Policy
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Root certificates have been updated
Description:  The set of system root certificates has been updated.
The complete list of recognized system roots may be viewed via the
Keychain Access application.

CFNetwork Cookies
Available for:  OS X Mountain Lion v10.8.5
Impact:  Session cookies may persist even after resetting Safari
Description:  Resetting Safari did not always delete session cookies
until Safari was closed. This issue was addressed through improved
handling of session cookies. This issue does not affect systems
running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett

CoreAnimation
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact:  Visiting a maliciously crafted site may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in CoreAnimation's
handling of images. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1258 : Karl Smith of NCC Group

CoreText
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  Applications that use CoreText may be vulnerable to an
unexpected application termination or arbitrary code execution
Description:  A signedness issue existed in CoreText in the handling
of Unicode fonts. This issue is addressed through improved bounds
checking.
CVE-ID
CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs

curl
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  When using curl to connect to an HTTPS URL containing
an IP address, the IP address was not validated against the
certificate. This issue does not affect systems prior to OS X
Mavericks v10.9.
CVE-ID
CVE-2014-1263 : Roland Moriz of Moriz GmbH

Data Security
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS
Description:  Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266

Date and Time
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  An unprivileged user may change the system clock
Description:  This update changes the behavior of the systemsetup
command to require administrator privileges to change the system
clock.
CVE-ID
CVE-2014-1265

File Bookmark
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Viewing a file with a maliciously crafted name may lead to
an unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of file
names. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1259

Finder
Available for:  OS X Mavericks 10.9 and 10.9.1
Impact:  Accessing a file's ACL via Finder may lead to other users
gaining unauthorized access to files
Description:  Accessing a file's ACL via Finder may corrupt the ACLs
on the file. This issue was addressed through improved handling of
ACLs.
CVE-ID
CVE-2014-1264

ImageIO
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description:  An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed by better JPEG handling.
CVE-ID
CVE-2013-6629 : Michal Zalewski

IOSerialFamily
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact:  Executing a malicious application may result in arbitrary
code execution within the kernel
Description:  An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5139 : @dent1zt

LaunchServices
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact:  A file could show the wrong extension
Description:  An issue existed in the handling of certain unicode
characters that could allow filenames to show incorrect extensions.
The issue was addressed by filtering unsafe unicode characters from
display in filenames. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre
of Intego

NVIDIA Drivers
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Executing a malicious application could result in arbitrary
code execution within the graphics card
Description:  An issue existed that allowed writes to some trusted
memory on the graphics card. This issue was addressed by removing the
ability of the host to write to that memory.
CVE-ID
CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation
Nouveau project
CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation
Nouveau project

PHP
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Multiple vulnerabilities in PHP
Description:  Multiple vulnerabilities existed in PHP, the most
serious of which may have led to arbitrary code execution. These
issues were addressed by updating PHP to version 5.4.22 on OS X
Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.
CVE-ID
CVE-2013-4073
CVE-2013-4113
CVE-2013-4248
CVE-2013-6420

QuickLook
Available for:  OS X Mountain Lion v10.8.5
Impact:  Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description:  A memory corruption issue existed in QuickLook's
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may have led to an unexpected application
termination or arbitrary code execution. This issue does not affect
systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1260 : Felix Groebert of the Google Security Team

QuickLook
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact:  Downloading a maliciously crafted Microsoft Word document
may lead to an unexpected application termination or arbitrary code
execution
Description:  A double free issue existed in QuickLook's handling of
Microsoft Word documents. This issue was addressed through improved
memory management.
CVE-ID
CVE-2014-1252 : Felix Groebert of the Google Security Team

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of 'ftab'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day
Initiative

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
'dref' atoms. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of 'ldat'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1248 : Jason Kratzer working with iDefense VCP

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of PSD
images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1249 : dragonltx of Tencent Security Team

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An out of bounds byte swapping issue existed in the
handling of 'ttfo' elements. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1250 : Jason Kratzer working with iDefense VCP

QuickTime
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact:  Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A signedness issue existed in the handling of 'stsz'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative

Secure Transport
Available for:  OS X Mountain Lion v10.8.5
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There were known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode.
To address these issues for applications using Secure Transport, the
1-byte fragment mitigation was enabled by default for this
configuration.
CVE-ID
CVE-2011-3389 : Juliano Rizzo and Thai Duong

OS X Mavericks v10.9.2 includes the content of Safari 7.0.2. 

OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from 
the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn
mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6
U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb
OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ
3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8
C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY
Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O
t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX
iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ
q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv
kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI
aiYIh+SzR0rBdMZRgyzv
=+DAJ
-----END PGP SIGNATURE-----