Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory: SA36701
Release Date: 2009-09-11

Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X



Advisory Content (Page 1 of 3)

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code.

2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code.

3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.

For more information:
SA34566
SA34612

4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image.

5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file.

6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code when drawing long text strings.

This is related to vulnerability #1 in:
SA36269

7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash.

For more information see vulnerability #4 in:
SA34481

8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges.

9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system.

For more information:
SA35948

10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files.

11) An error exists in Launch Services when handling files having a ".fileloc" extension. This can be exploited to potentially execute arbitrary code by tricking a user into opening a ".fileloc" file.

12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code.

13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions.

For more information:
SA30134

14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).

For more information:
SA34081

15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service.

16) Input passed in search requests containing non-UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  