3) A format string error within AppleScript Studio when handling certain commands via dialogs can be exploited to potentially execute arbitrary code.
4) An unspecified error in the handling of embedded OpenType fonts in Apple Type Services (ATS) can be exploited to cause a heap-based buffer overflow when a specially crafted document is viewed or downloaded.
5) Multiple unspecified errors in the handling of embedded TrueType fonts in Apple Type Services (ATS) can be exploited to cause a buffer overflow when a specially crafted document is viewed or downloaded.
6) An error exists in the Type1Scaler library in Apple Type Services (ATS) when processing embedded Type 1 fonts. This can be exploited to cause a buffer overflow e.g. via a specially crafted file opened in Preview.
7) Multiple unspecified errors in the handling of SFNT tables in embedded fonts in Apple Type Services (ATS) can be exploited to cause a buffer overflow when a specially crafted document is viewed or downloaded.
8) An integer overflow error in bzip2 can be exploited to terminate an application using the library or execute arbitrary code via a specially crafted archive.
26) Multiple errors in PHP can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
28) An error in the OfficeImport framework when processing records containing formulas shared between multiple cells can be exploited to corrupt memory and potentially execute arbitrary code.
29) A boundary error exists in QuickLook when parsing an OfficeArtMetafileHeader record in certain Microsoft Office files. This can be exploited to cause a buffer overflow and execute arbitrary code when e.g. a specially crafted document is opened via Safari.
30) Multiple unspecified errors in QuickTime when handling JPEG2000, FlashPix, and panorama atoms in QTVR (QuickTime Virtual Reality) movie files can be exploited to corrupt memory via specially crafted files.
31) An integer overflow error in QuickTime when handling certain movie files can be exploited to potentially execute arbitrary code when a specially crafted file is viewed.
32) An error within QuickTime plug-in when handling cross-site redirects can be exploited to disclose video data.
33) An integer truncation error within the Ruby BigDecimal class can be exploited to potentially execute arbitrary code.
This vulnerability only affects 64-bit Ruby processes.
34) A boundary error in Samba can be exploited by malicious people to potentially compromise a vulnerable system.
Solution: Update to version 10.6.7 or apply Security Update 2011-001.
Provided and/or discovered by: 6) geekable via ZDI.
12) Dan Rosenberg, Virtual Security Research.
15, 16, 33) Reported by the vendor.
17) Dominic Chell, NGS Secure.
18) Paul Harrington, NGS Secure.
28) Tobias Klein via iDefense.
29) Charlie Miller and Dion Blazakis via ZDI.
The vendor credits:
3) Alexander Strange.
5) Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, and Tavis Ormandy and Will Drewry of Google Security Team.
6) Felix Grobert, Google Security Team.
7) Marc Schoenefeld, Red Hat Security Response Team.
11) Christoph Diehl, Mozilla.
13) Andrzej Dyjak via iDefense.
14) Harry Sintonen.
19) Aaron Sigel, vtty.com.
21) Jeff Mears.
22) Peter Schwenk, University of Delaware.
30) Will Dormann of CERT/CC, Damian Put and an anonymous researcher via ZDI, and Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team.
31) Honggang Ren, Fortinet's FortiGuard Labs.
32) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
36) Matt Warren, HNW Inc.
Original Advisory: Apple:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Apple Mac OS X Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.