UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users'. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.