Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.
1) The "at" family of utilities ("at", "atrm", "batch", "atq", and "atrun") does not drop privileges properly. This can be exploited to delete arbitrary files, execute arbitrary commands with escalated privileges, or read the contents of arbitrary files.
The vulnerability has been reported in Mac OS X 10.3.4 (Darwin kernel xnu-517.7.7) and has been confirmed in Mac OS X 10.3.7 (Darwin kernel xnu-517.9.5). Other versions may also be affected.
2) A boundary error in the ColorSync component when processing ICC color profiles can be exploited to cause a heap-based buffer overflow. This allows execution of arbitrary code via a specially crafted ICC color profile.
3) Various vulnerabilities in the libxml2 component can potentially be exploited to compromise a vulnerable system.
4) An information disclosure weakness in the Mail component makes it possible to determine the system from which an email has been sent. The problem is that an identifier associated with the Ethernet networking hardware is included in the "Message-ID" header.
5) Multiple vulnerabilities in PHP can be exploited to, for example, cause a DoS (Denial of Service) or execute arbitrary code.
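Item 1 describes set-uid utilities that do not drop privileges properly. The following C code is an added illustration of a permanent, verified privilege drop; it is not taken from the advisory, from Apple's update, or from the "at" sources, and the helper name drop_privileges() is hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes setgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* drop_privileges() is a hypothetical helper, not code from the "at" utilities.
 * It permanently switches the process to uid/gid and proves the old ids are
 * gone. Returns 0 on success, -1 if any privilege could remain. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Leaving root: shed root's supplementary groups while still allowed to. */
    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: once the uid is dropped, setgid() would be refused. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Real and effective ids must all match the target. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* Saved ids: regaining the previous effective ids must now fail. */
    if (old_euid != uid && (seteuid(old_euid) == 0 || setuid(old_euid) == 0))
        return -1;
    if (old_egid != gid && (setegid(old_egid) == 0 || setgid(old_egid) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* A set-uid utility would drop to the invoking user's real ids
     * before touching any file or command that user names. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The regain checks matter for binaries that are set-uid to a non-root account: there setuid() leaves the saved uid in place, so the function reports failure instead of continuing with recoverable privileges.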
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities