|
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA30802
|
|
|
Release Date:
|
2008-07-01
|
|
Popularity:
|
6,802 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application.
4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Exposé hot corners are set.
5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac OS X.
8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system.
For more information see vulnerability #3 in:
SA30775
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
