SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Apple Pages Vendors:   Apple Computer
Apple Pages Double Free Memory Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1029683
SecurityTracker URL:  http://securitytracker.com/id/1029683
CVE Reference:   CVE-2014-1252   (Links to External Site)
Date:  Jan 24 2014
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.x prior to 2.1; 5.x prior to 5.1
Description:   A vulnerability was reported in Apple Pages. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Microsoft Word file that, when loaded by the target user, will trigger a double-free memory error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Felix Groebert of the Google Security Team reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (2.1, 5.1).

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT1222 (Links to External Site)
Cause:   Access control error
Underlying OS:   iOS, UNIX (OS X)

Message History:   None.


 Source Message Contents

Date:  Fri, 24 Jan 2014 01:24:11 +0000
Subject:  Apple Pages


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-01-23-1 Pages 5.1 and Pages 2.1

Pages 5.1 and Pages 2.1 are now available and address the following:

Pages
Available for:  OS X 10.9 or later, iOS 7 or later
Impact:  Opening a maliciously crafted Microsoft Word document may
lead to an unexpected application termination or arbitrary code
execution
Description:  A double free issue existed in the handling of
Microsoft Word documents. This issue was addressed through improved
memory management.
CVE-ID
CVE-2014-1252 : Felix Groebert of the Google Security Team

Pages 5.1 and Pages 2.1 may be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJS4a/RAAoJEPefwLHPlZEwrP8P/RNY2nq8zpbue6VvjiiCk2R1
FOEhbvE8dp83grhhKvEiWXrfaaQxStvWyGKwXwfMthbMwYxlo3jpGOLhrUe8WIB2
yZnjopXqqcg+GiFge7/N3Vzg+d9DzDWThUJ0YFlz4warNyTy8TyHmgdVadNpnlaw
uDxjY03p/mrNWbilLzVIbLeK7k72SDMTeuxNSD0P5Ef4CtL2iqaDuVrWqTTBeoSS
tUEVsbH66vCT5LioDVLRLZ3LPWfeGli4I0jD/DdrIH6yc8Dou3403nthUhqaXNT5
msNy61auXoH4MyollGePiGBkTz5+jBjUnYhIUKWEK9YoXg/BrDhk/lQPadJcFU74
d8ap/M3a8u+ZbeBYd4a3X+GwI7oEYbiHqNFr0cSsv4DcnKScHR+eoBtrGJ+iRmkn
LA/qZnbDpPhvsgb8BDURfl4UmVDGVV9wf+QrjCLoE5ZAZPuubqpUm36wodhLKelO
EHgnJQMVy5QFFqiObJ48BP2wTFwqW55s3yB1/PdZ3NjrdMYvgkb+WOjXJIeMCZ8E
gLeGbNjIdnlGwCIhgd2xP5XuR6KuJ7nAj+Xr2SSqnEEaV7PfF1BFb9qM8wU/NykP
nd7yaAaq80UbljYIU5tffnKMVytD8OeFDpE6entMhwnxuEOMppgZLGqmMpiAErCY
sZE9+eMDs1J5UsFXef/W
=mSgm
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC