3) A security issue in Apache 2 results in access to ".DS_Store" files and files starting with ".ht" not being fully blocked. The problem is that the Apache configuration blocks access in a case-sensitive way, but the Apple HFS+ filesystem performs file access in a case-insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the normal Apache file handlers and retrieve file data and resource fork content via HTTP. The problem is that the Apple HFS+ filesystem permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+ filesystem.
5) A boundary error in the AppKit component can be exploited to cause a buffer overflow and execute arbitrary code on a user's system when a specially crafted rich text file is opened.
6) A boundary error in the AppKit component can be exploited to cause a buffer overflow and execute arbitrary code on a user's system when a specially crafted Microsoft Word .doc file is opened in e.g. TextEdit.
7) An error in the AppKit component allows malicious, local users with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading information about whether or not a Bluetooth device requires authentication.
9) A boundary error in the CoreFoundation framework when processing command line arguments can be exploited to cause a buffer overflow and execute arbitrary code.
10) An error in the CoreFoundation framework when parsing Gregorian date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing when handling multiple, simultaneous print jobs.
12) A boundary error in Directory Services during the authentication handling can be exploited to cause a buffer overflow and execute arbitrary code.
13) Various errors in the privileged tool dsidentity can be exploited by unprivileged users to add or remove identity user accounts in Directory Services.
14) The slpd program in Directory Services creates temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with root privileges.
15) An error in HIToolbox may allow VoiceOver services to read contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious users to compromise a vulnerable system.
18) An error in Kerberos when Kerberos authentication is enabled in addition to LDAP can be exploited to gain access to the root Terminal window.
19) An error in loginwindow can be exploited by malicious users with knowledge of two passwords to access other logged-in accounts, without knowing the passwords for those accounts, when "Fast User Switching" is enabled.
20) The Mail component loads remote images in HTML emails (even with this disabled in the user's preferences), which can be exploited to enumerate valid email addresses.
21) Various errors in MySQL can potentially be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
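The mismatch described in item 3, as an added configuration example (not Apple's or Apache's shipped configuration): the commented-out block is a case-sensitive deny rule of the kind the advisory describes, and the active block denies the same names regardless of case. The `Require` syntax assumes Apache 2.4; the file names are the ones named in the advisory.

```apache
# BEFORE (weak on a case-insensitive volume such as HFS+):
# the pattern is compared case-sensitively against the requested file
# name, while the filesystem resolves any case variant of that name to
# the same file on disk. The rule and the filesystem disagree about
# which names are "the same file".
#
# <FilesMatch "^\.(ht|DS_Store)">
#     Require all denied
# </FilesMatch>

# AFTER: (?i) switches the PCRE pattern to case-insensitive matching,
# so the rule covers every spelling the filesystem will accept.
<FilesMatch "(?i)^\.(ht|ds_store)">
    Require all denied
</FilesMatch>

# On Apache 2.0/2.2 the equivalent access directives inside the block are:
#     Order allow,deny
#     Deny from all
```

After reloading, a request for any case variant of a protected name should return 403; the same review applies to every other name-based deny rule served from a case-insensitive volume.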
Provided and/or discovered by:
1) JxT, SNOsoft.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
Original Advisory: Apple:
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities