Apple Mac OS X sikkerhedsopdatering til to sårbarheder - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Apple Mac OS X sikkerhedsopdatering til to sårbarheder

Secunia Advisory:	SA25786
Udsendt:	2007-06-25

Kritisk:	Meget kritisk
Betydning:	Cross Site Scripting Systemadgang
Hvor:	Fra Internet
Løsning Status:	Producent Patch

OS:	Apple Macintosh OS X


CVE reference:	CVE-2007-2399 (Secunia mirror) CVE-2007-2401 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Apple har udgivet en sikkerhedsopdatering for Mac OS X, som retter to sårbarheder. 1) En ugyldig type-konvertering under håndteringen af framesets i WebKit kan udnyttes til at korrumpere hukommelsen og eksekvere vilkårlig kode, når en bruger besøger et ondsindet website. 2) En inputvalideringsfejl unde rhåndteringen af headers suppleret til "XMLHttpRequest" objektet i WebCore kan udnyttes til at indsætte vilkårlige HTTP-forespørgsler. Løsning: Installér Security Update 2007-006. Security Update 2007-006 (10.3.9): http://www.apple.com/support/downloads/securityupdate20070061039.html Security Update 2007-006 (Universal): http://www.apple.com/support/downloads/securityupdate2007006universal.html Security Update 2007-006 (PPC): http://www.apple.com/support/downloads/securityupdate2007006ppc.html Rapporteret af / Kredit: 1) Producenten krediterer Rhys Kidd, Westnet 2) Richard Moore, Westpoint Ltd. Original Advisory: Apple: http://docs.info.apple.com/article.html?artnum=305759 Westpoint Ltd.: http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt Andre Kilder: US-CERT VU#845708: http://www.kb.cert.org/vuls/id/845708 US-CERT VU#389868: http://www.kb.cert.org/vuls/id/389868



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

117 Relaterede Secunia Advisories, displaying 10

1. Mac OS X Java flere sårbarheder

2. Mac OS X "cs_validate_page()" lokalt Denial of Service

3. Mac OS X vpnd Denial of Service

4. Mac OS X lokalt Denial of Service

5. Apple Mail eksekvering af vilkårlige kommandoer

6. Apple Mac OS X applikations-firewall diverse svagheder

7. Apple Mac OS X sikkerhedsopdatering retter flere sårbarheder

8. Mac OS X sikkerhedsopdatering retter flere sårbarheder

9. Apple Mac OS X IPv6 type 0 route-headers Denial of Service

10. Apple Mac OS X sikkerhedsopdatering for flere sårbarheder

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Microsoft Word Unspecified Code Execution Vulnerability

3.	Linux Kernel LDT Buffer Size Handling Vulnerability

4.	Slackware update for dnsmasq

5.	Debian update for clamav

6.	Drupal Session Fixation Vulnerability

7.	Red Hat update for kernel

8.	Red Hat update for thunderbird

9.	Ubuntu update for php

10.	IPCop update for perl