Secunia Advisory SA37313

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Release Date 2009-11-10

Criticality level Highly critical
Impact Unknown
Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Brute force
Exposure of sensitive information
Privilege escalation
DoS
System access
Where From remote
Solution Status Vendor Patch
Operating System
Apple Macintosh OS X

CVE Reference(s)
CVE-2007-5707
CVE-2007-6698
CVE-2008-0658
CVE-2009-0023
CVE-2009-1191
CVE-2009-1195
CVE-2009-1574
CVE-2009-1632
CVE-2009-1890
CVE-2009-1891
CVE-2009-1955
CVE-2009-1956
CVE-2009-2202
CVE-2009-2285
CVE-2009-2408
CVE-2009-2409
CVE-2009-2412
CVE-2009-2414
CVE-2009-2416
CVE-2009-2666
CVE-2009-2799
CVE-2009-2808
CVE-2009-2810
CVE-2009-2818
CVE-2009-2819
CVE-2009-2820
CVE-2009-2823
CVE-2009-2824
CVE-2009-2825
CVE-2009-2826
CVE-2009-2827
CVE-2009-2828
CVE-2009-2829
CVE-2009-2830
CVE-2009-2831
CVE-2009-2832
CVE-2009-2833
CVE-2009-2834
CVE-2009-2835
CVE-2009-2836
CVE-2009-2837
CVE-2009-2838
CVE-2009-2839
CVE-2009-2840
CVE-2009-3111
CVE-2009-3291
CVE-2009-3292
CVE-2009-3293
  

Description

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A boundary error in the AFP Client component can be exploited to corrupt memory and potentially execute arbitrary code when a user accesses a specially crafted AFP server.

2) A weakness in the Adaptive Firewall component can lead to brute force or dictionary attacks not being detected.

3) Some vulnerabilities in Apache can be exploited by malicious, local users to bypass certain security restrictions, and by malicious users and malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

For more information:
SA34827
SA35261
SA35691
SA35781
SA35797

4) A weakness in Apache can be exploited to conduct cross-site scripting attacks via the HTTP TRACE method.

5) Some vulnerabilities in Apache Portable Runtime can be exploited by malicious users and malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise an application using the library.

For more information:
SA36138

6) Multiple boundary errors exist in Apple Type Services when handling embedded fonts. These can be exploited to cause buffer overflows and execute arbitrary code when a document containing a specially crafted embedded font is being viewed or downloaded.

7) A weakness in the Certificate Assistant component can mislead a user into accepting a specially crafted certificate, containing NUL characters in the Common Name field, as it visually appears to match the domain visited by the user.

8) Multiple integer overflow errors exist in the CoreGraphics component, which can be exploited to cause heap-based buffer overflows and execute arbitrary code when a specially crafted PDF file is opened.

9) Multiple errors in CoreMedia and QuickTime can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA36627

10) A vulnerability in CUPS can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA37308

11) An unspecified design error in the Dictionary component can be exploited to write arbitrary data to arbitrary locations on the user's filesystem.

Successful exploitation allows execution of arbitrary code, but requires access to the local network.

12) An error in the DirectoryService component can be exploited to corrupt memory and execute arbitrary code on systems that are configured as DirectoryService servers.

13) An error in the Disk Images component can be exploited to cause a heap-based buffer overflow and execute arbitrary code when a specially crafted image containing a FAT filesystem is downloaded.

14) Multiple vulnerabilities in Dovecot can be exploited by malicious users to potentially compromise a vulnerable system.

For more information:
SA36698

15) An input validation error exists in the Event Monitor component. This can be exploited to inject certain data into log files by passing specially crafted authentication information to the SSH server.

NOTE: This can potentially lead to a DoS (Denial of Service) in services that process the affected log files.

16) A vulnerability in fetchmail can be exploited by malicious people to conduct spoofing attacks.

For more information:
SA36179

17) A boundary error in the "file" utility can be exploited to cause buffer overflows and execute arbitrary code when a user uses "file" on a specially crafted Common Document Format (CDF) file.

18) An error in the FTP Server component can be exploited to cause a buffer overflow and execute arbitrary code via the CWD command.

19) The Help Viewer component does not use HTTPS for viewing remote Apple Help content, which can be exploited to spoof HTTP responses containing malicious help:runscript links.

Successful exploitation allows execution of arbitrary code.

20) A boundary error in the ImageIO component when handling TIFF images can be exploited to cause a buffer underflow and potentially execute arbitrary code.

This is related to:
SA35515

21) An unspecified error within the UCCompareTextDefault API in International Components for Unicode can be exploited to cause a buffer overflow and potentially execute arbitrary code.

22) A weakness in IOKit can be exploited by non-privileged users to update the firmware in an attached USB or Bluetooth Apple keyboard.

23) Multiple vulnerabilities in the IPSec component can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA31478

24) Multiple input validation errors exist in the Kernel when handling task state segments. These can be exploited to disclose sensitive information, cause a DoS, or gain escalated privileges.

25) An error in the Launch Services component when opening a quarantined folder can lead to a missing warning dialog.

26) Some vulnerabilities in libxml can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA36207

27) A race condition in the Login Window component can be exploited to log in to any account without providing a password.

Successful exploitation requires that an account without a password (such as the Guest account) exists on the system.

28) An error in the handling of SSL certificates in OpenLDAP can be exploited to conduct MitM (Man-in-the-Middle) attacks via certificates containing NUL characters in the Common Name field.

29) Multiple vulnerabilities in OpenLDAP can be exploited by malicious users to cause a DoS (Denial of Service).

For more information:
SA27424

30) Multiple vulnerabilities in OpenSSH can be exploited by malicious people to disclose sensitive information.

For more information:
SA32760

31) Multiple vulnerabilities with an unspecified impact exist in PHP.

For more information:
SA36791

32) An unspecified error in the handling of PICT images can be exploited to cause a heap-based buffer overflow and execute arbitrary code.

33) An integer overflow error in QuickLook when handling Microsoft Office files can be exploited to cause a buffer overflow and execute arbitrary code.

34) A vulnerability in FreeRADIUS can be exploited by malicious people to cause a DoS.

For more information:
SA36676

35) Multiple unspecified errors in the Screen Sharing client can be exploited to cause memory corruption and execute arbitrary code when a specially crafted VNC server is being accessed, e.g. by opening a "vnc://" URL.

36) An insecure file operation in the Spotlight component can be exploited to overwrite files with privileges of another user.

37) Multiple vulnerabilities in Subversion can be exploited by malicious users and malicious people to compromise a vulnerable system.

For more information:
SA36184
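
Items 7 and 28 above both involve certificates with NUL characters in the Common Name field. The following is an added example, not code from this advisory or from the vendor: it contrasts a C-string comparison, which stops at the first NUL, with a length-aware check that rejects such names. The function names and the sample Common Name bytes are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample Common Name values (not taken from any real certificate).
 * X.509 strings carry an explicit length, so a NUL byte can sit inside the value. */
static const unsigned char CN_PLAIN[]   = "www.example.com";
static const unsigned char CN_CRAFTED[] = "www.example.com\0.untrusted.invalid";

/* Weak form: treats the CN as a C string, so the comparison stops at the
 * first NUL and the declared length is ignored. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    return strcmp((const char *)cn, host) == 0;
}

/* Hardened form: reject any CN with an embedded NUL, then compare the full
 * declared length case-insensitively. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t i, host_len = strlen(host);

    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;
    if (cn_len != host_len)
        return 0;
    for (i = 0; i < cn_len; i++) {
        if (tolower(cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "www.example.com";
    /* sizeof - 1 drops the literal's terminator, leaving the declared length. */
    printf("naive  crafted: %d\n", cn_matches_naive(CN_CRAFTED, sizeof CN_CRAFTED - 1, host));
    printf("strict crafted: %d\n", cn_matches_strict(CN_CRAFTED, sizeof CN_CRAFTED - 1, host));
    printf("strict plain:   %d\n", cn_matches_strict(CN_PLAIN, sizeof CN_PLAIN - 1, host));
    return 0;
}
```
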


Solution
Update to Mac OS X 10.6.2 or apply Security Update 2009-006.

Provided and/or discovered by
9) The vendor credits:
* Tom Ferris of the Adobe Secure Software Engineering Team.
* An anonymous researcher working with the ZDI.
* Alex Selivanov
* Damian Put working with the ZDI.
21) The vendor credits Nikita Zhuk and Petteri Kamppuri of MK&C.
22) The vendor credits K. Chen of Georgia Institute of Technology.
25) The vendor credits Regis Duchesne of VMware, Inc.
26) The vendor credits Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd.
32) The vendor credits Nicolas Joly of VUPEN Vulnerability Research Team.

Original Advisory
Apple:
http://support.apple.com/kb/HT3937
