Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory: SA37313
Release Date: 2009-11-10

Critical: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Brute force, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X



Advisory Content (Page 1 of 3)

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A boundary error in the AFP Client component can be exploited to corrupt memory and potentially execute arbitrary code when a user accesses a specially crafted AFP server.

2) A weakness in the Adaptive Firewall component can lead to brute force or dictionary attacks not being detected.

3) Some vulnerabilities in Apache can be exploited by malicious, local users to bypass certain security restrictions, and by malicious users and malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

For more information:
SA34827
SA35261
SA35691
SA35781
SA35797

4) A weakness in Apache can be exploited to conduct cross-site scripting attacks via the HTTP TRACE method.

5) Some vulnerabilities in Apache Portable Runtime can be exploited by malicious users and malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise an application using the library.

For more information:
SA36138

6) Multiple boundary errors exist in Apple Type Services when handling embedded fonts. These can be exploited to cause buffer overflows and execute arbitrary code when a document containing a specially crafted embedded font is being viewed or downloaded.

7) A weakness in the Certificate Assistant component can mislead a user into accepting a specially crafted certificate, containing NUL characters in the Common Name field, as it visually appears to match the domain visited by the user.

8) Multiple integer overflow errors exist in the CoreGraphics component, which can be exploited to cause heap-based buffer overflows and execute arbitrary code when a specially crafted PDF file is opened.

9) Multiple errors in CoreMedia and QuickTime can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA36627

10) A vulnerability in CUPS can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA37308

11) An unspecified design error in the Dictionary component can be exploited to write arbitrary data to arbitrary locations on the user's filesystem.

Successful exploitation allows execution of arbitrary code, but requires access to the local network.

12) An error in the DirectoryService component can be exploited to corrupt memory and execute arbitrary code on systems that are configured as DirectoryService servers.

13) An error in the Disk Images component can be exploited to cause a heap-based buffer overflow and execute arbitrary code when a specially crafted image containing a FAT filesystem is downloaded.

14) Multiple vulnerabilities in Dovecot can be exploited by malicious users to potentially compromise a vulnerable system.

For more information:
SA36698

15) An input validation error exists in the Event Monitor component. This can be exploited to inject certain data into log files by passing specially crafted authentication information to the SSH server.

NOTE: This can potentially lead to a DoS (Denial of Service) in services that process the affected log files.

16) A vulnerability in fetchmail can be exploited by malicious people to conduct spoofing attacks.

For more information:
SA36179

17) A boundary error in the "file" utility can be exploited to cause buffer overflows and execute arbitrary code when a user uses "file" on a specially crafted Common Document Format (CDF) file.

18) An error in the FTP Server component can be exploited to cause a buffer overflow and execute arbitrary code via the CWD command.

19) The Help Viewer component does not use HTTPS for viewing remote Apple Help content, which can be exploited to spoof HTTP responses containing malicious help:runscript links.

Successful exploitation allows execution of arbitrary code.

20) A boundary error in the ImageIO component when handling TIFF images can be exploited to cause a buffer underflow and potentially execute arbitrary code.

This is related to:
SA35515

21) An unspecified error within the UCCompareTextDefault API in International Components for Unicode can be exploited to cause a buffer overflow and potentially execute arbitrary code.

22) A weakness in IOKit can be exploited by non-privileged users to update the firmware in an attached USB or Bluetooth Apple keyboard.

23) Multiple vulnerabilities in the IPSec component can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA31478

24) Multiple input validation errors exist in the Kernel when handling task state segments. These can be exploited to disclose sensitive information, cause a DoS, or gain escalated privileges.

25) An error in the Launch Services component when opening a quarantined folder can lead to a missing warning dialog.

26) Some vulnerabilities in libxml can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA36207

27) A race condition in the Login Window component can be exploited to log in to any account without providing a password.

Successful exploitation requires that an account without a password (such as the Guest account) exists on the system.

28) An error in the handling of SSL certificates in OpenLDAP can be exploited to conduct MitM (Man-in-the-Middle) attacks via certificates containing NUL characters in the Common Name field.
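
Items 7 and 28 both involve NUL characters in the Common Name field. The advisory does not describe the underlying code, so this added example (not Secunia's, Apple's or OpenLDAP's code) assumes the usual cause for this class of issue: a length-delimited CN handled as a C string. It shows the weak comparison beside a length-aware one, plus an escaped display form; `struct cn_value`, the function names and the sample CN are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* CN as decoded from the certificate: bytes plus an explicit length. */
struct cn_value { const char *data; size_t len; };
/* Constructed sample: embedded NUL after the trusted-looking name. */
static const char SAMPLE_RAW[] = "www.example.com\0.untrusted.invalid";
#define SAMPLE_LEN (sizeof(SAMPLE_RAW) - 1)

/* Case-insensitive comparison over explicit lengths. */
static bool ieq(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}
/* Weak: treats the CN as a C string, so bytes after the NUL are ignored. */
bool cn_matches_weak(const struct cn_value *cn, const char *host) {
    return ieq(cn->data, strlen(cn->data), host, strlen(host));
}
/* Hardened: reject any embedded NUL, then compare the full decoded length. */
bool cn_matches_strict(const struct cn_value *cn, const char *host) {
    if (memchr(cn->data, '\0', cn->len) != NULL) return false;
    return ieq(cn->data, cn->len, host, strlen(host));
}

/* Display form: escape non-printable bytes so a prompt shows the whole CN.
 * Returns the number of characters written, or 0 if out is too small. */
size_t cn_display(const struct cn_value *cn, char *out, size_t out_sz) {
    size_t o = 0;
    if (out_sz == 0) return 0;
    for (size_t i = 0; i < cn->len; i++) {
        unsigned char c = (unsigned char)cn->data[i];
        bool plain = c >= 0x20 && c < 0x7f && c != '\\';
        if (o + (plain ? 2 : 5) > out_sz) return 0;
        if (plain) out[o++] = (char)c;
        else o += (size_t)snprintf(out + o, 5, "\\x%02x", c);
    }
    out[o] = '\0';
    return o;
}

int main(void) {
    struct cn_value cn = { SAMPLE_RAW, SAMPLE_LEN };
    char shown[128];
    cn_display(&cn, shown, sizeof shown);
    printf("weak=%d strict=%d shown=%s\n", cn_matches_weak(&cn, "www.example.com"),
           cn_matches_strict(&cn, "www.example.com"), shown);
    return 0;
}
```

Wildcard and subjectAltName matching are out of scope for this sketch.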

29) Multiple vulnerabilities in OpenLDAP can be exploited by malicious users to cause a DoS (Denial of Service).

For more information:
SA27424

30) Multiple vulnerabilities in OpenSSH can be exploited by malicious people to disclose sensitive information.

For more information:
SA32760

31) Multiple vulnerabilities with an unspecified impact exist in PHP.

For more information:
SA36791

32) An unspecified error in the handling of PICT images can be exploited to cause a heap-based buffer overflow and execute arbitrary code.

33) An integer overflow error in QuickLook when handling Microsoft Office files can be exploited to cause a buffer overflow and execute arbitrary code.

34) A vulnerability in FreeRADIUS can be exploited by malicious people to cause a DoS.

For more information:
SA36676

35) Multiple unspecified errors in the Screen Sharing client can be exploited to cause memory corruption and execute arbitrary code when a specially crafted VNC server is being accessed, e.g. by opening a "vnc://" URL.

36) An insecure file operation in the Spotlight component can be exploited to overwrite files with privileges of another user.

37) Multiple vulnerabilities in Subversion can be exploited by malicious users and malicious people to compromise a vulnerable system.

For more information:
SA36184
