Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.
1) A vulnerability in the Apache "mod_digest_apple" authentication can be exploited by malicious people to conduct replay attacks.
2) Multiple vulnerabilities in Apache and mod_ssl can be exploited to inject potentially malicious characters into error logfiles, bypass certain security restrictions, gain escalated privileges, gain unauthorised access to other web sites, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
3) A security issue in Apache results in access to ".DS_Store" files and files starting with ".ht" not being fully blocked. The problem is that the Apache configuration blocks access in a case sensitive way, but the Apple HFS+ filesystem performs file access in a case insensitive way.
4) A security issue in Apache makes it possible to bypass the normal Apache file handlers and retrieve file data and resource fork content via HTTP. The problem is that the Apple HFS+ filesystem permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+ filesystem.
5) Multiple vulnerabilities in Apache2 can be exploited by malicious people to cause a DoS or potentially compromise a system, or by malicious, local users to gain escalated privileges.
6) A security issue in Appkit causes secure text fields to not enable secure input correctly in some circumstances. This allows other applications in the same window session to read the entered characters.
7) Multiple vulnerabilities in Appkit can potentially be exploited by malicious people to compromise a user's system or cause a DoS (Denial of Service).
11) A vulnerability in Postfix when using CRAM-MD5 can be exploited by malicious users to send mails without being properly authenticated. The problem is that the credentials used to successfully authenticate a user can be re-used for a small time period, which can be exploited via replay attacks.
12) A vulnerability in PSNormalizer can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when converting PostScript to PDF.
13) A vulnerability in QuickTime Streaming Server can be exploited by malicious people to cause a DoS via a specially crafted DESCRIBE request.
14) A weakness in Safari can be exploited by malicious people to trick users into visiting a malicious web site by obfuscating URLs.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.