Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38241

VERIFY ADVISORY:
http://secunia.com/advisories/38241/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) A boundary error in CoreAudio can be exploited to cause a buffer
overflow via a specially crafted mp4 audio file.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

2) An error in CUPS can be exploited to cause a DoS (Denial of
Service).

For more information:
SA37364

3) Multiple vulnerabilities in the Flash Player plug-in can be
exploited to gain knowledge of system information or compromise a
user's system.

For more information:
SA37584

4) A vulnerability in ImageIO can be exploited to cause a DoS or to
potentially compromise a user's system.

For more information:
SA35515

5) A boundary error in Image RAW can be exploited to cause a buffer
overflow via a specially crafted DNG image.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

6) A vulnerability in OpenSSL can be exploited to manipulate certain
data.

For more information:
SA37291

SOLUTION:
Apply Security Update 2010-001.

Security Update 2010-001 (Snow Leopard):
http://support.apple.com/kb/DL994

Security Update 2010-001 Server (Leopard):
http://support.apple.com/kb/DL992

Security Update 2010-001 Client (Leopard):
http://support.apple.com/kb/DL993

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Tobias Klein, trapkit.de
3) Damian Put, TippingPoint's Zero Day Initiative, Bing Liu of
Fortinet's FortiGuard Global Security Research Team, Will Dormann of
CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR)
5) Jason Carr, Carnegie Mellon University Computing Services
6) Steve Dispensa and Marsh Ray, PhoneFactor, Inc.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4004

OTHER REFERENCES:
SA35515:
http://secunia.com/advisories/35515/
SA37291:
http://secunia.com/advisories/37291/
SA37364:
http://secunia.com/advisories/37364/
SA37584:
http://secunia.com/advisories/37584/