2) The Apple Type Services (ATS) server creates error log files insecurely. This can be exploited by malicious, local users to create or overwrite files with system privileges.
3) Multiple boundary errors in the Apple Type Services (ATS) server can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with system privileges by sending a specially crafted request.
4) A boundary error in Apple Type Services (ATS) can be exploited to cause a stack-based buffer overflow via specially crafted font files and allows execution of arbitrary code with system privileges.
5) An error in the CFNetwork framework can be exploited to cause a user's FTP client to issue arbitrary FTP commands when a user accesses a specially crafted FTP URI. This may facilitate exploitation via other line-oriented protocols.
6) Vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
7) A boundary error in Finder can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a user browses a directory containing a specially crafted ".DS_Store" file.
8) An error in ftpd can be exploited by malicious people to determine valid account names and to cause a DoS (Denial of Service) via failed login attempts with a valid username.
9) Some vulnerabilities in gnuzip can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
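Item 5 does not say how the extra commands get into the FTP session. The example below is added here and is not code from the advisory or from Apple; it assumes the usual mechanism for line-oriented protocols, CR/LF carried percent-encoded in a URI component, and shows a client-side check that rejects such a URI before any component is written to the control connection. The function name, host and sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Characters that terminate or split a command line on an FTP control connection.
LINE_BREAKERS = ("\r", "\n", "\x00")


def ftp_uri_violations(uri):
    """Return the URI components that would carry CR, LF or NUL once decoded.

    An empty list means no component can break out of its command line.
    """
    # Check the raw string first: urlsplit() in current Python versions
    # silently strips literal CR/LF/TAB, which would hide them from us.
    if any(ch in uri for ch in LINE_BREAKERS):
        return ["raw"]

    parts = urlsplit(uri)
    if parts.scheme.lower() != "ftp":
        return ["scheme"]

    # username/password/path are returned still percent-encoded, so decode
    # them the way a client would before building USER, PASS, CWD or RETR.
    fields = (("username", parts.username),
              ("password", parts.password),
              ("path", parts.path))
    violations = []
    for name, value in fields:
        if value is None:
            continue
        decoded = unquote(value)
        if any(ch in decoded for ch in LINE_BREAKERS):
            violations.append(name)
    return violations


# Constructed sample URIs (hypothetical host, harmless NOOP as the extra line).
SAMPLES = [
    "ftp://ftp.example.com/pub/readme.txt",
    "ftp://ftp.example.com/pub/a.txt%0D%0ANOOP",
    "ftp://anon%0aNOOP:guest@ftp.example.com/pub/a.txt",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", ftp_uri_violations(uri) or "ok")
```

The check decodes each component once, matching a client that percent-decodes once; a client that decodes repeatedly needs the check applied after its final decode.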
Provided and/or discovered by:
1) The vendor credits H D Moore.
8) The vendor credits Benjamin Williams, University of Canterbury.
13) The vendor credits Mu Security.
15) The vendor credits Eric Cronin of gizmolabs.
16) The vendor credits Dr. Stephen N. Henson of Open Network Security.
17) The vendor credits Timothy J. Miller of the MITRE Corporation.
18) The vendor credits Jose Nazario of Arbor Networks.
20) The vendor credits Tom Ferris of Security-Protocols.
Original Advisory: http://docs.info.apple.com/article.html?artnum=304829
Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities