----------------------------------------------------------------------

TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38241

VERIFY ADVISORY:
http://secunia.com/advisories/38241/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) A boundary error in CoreAudio can be exploited to cause a buffer
overflow via a specially crafted mp4 audio file.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

2) An error in CUPS can be exploited to cause a DoS (Denial of
Service).

For more information:
SA37364

3) Multiple vulnerabilities in the Flash Player plug-in can be
exploited to gain knowledge of system information or compromise a
user's system.

For more information:
SA37584

4) A vulnerability in ImageIO can be exploited to cause a DoS or to
potentially compromise a user's system.

For more information:
SA35515

5) A boundary error in Image RAW can be exploited to cause a buffer
overflow via a specially crafted DNG image.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

6) A vulnerability in OpenSSL can be exploited to manipulate certain
data.

For more information:
SA37291

SOLUTION:
Apply Security Update 2010-001.

Security Update 2010-001 (Snow Leopard):
http://support.apple.com/kb/DL994

Security Update 2010-001 Server (Leopard):
http://support.apple.com/kb/DL992

Security Update 2010-001 Client (Leopard):
http://support.apple.com/kb/DL993

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Tobias Klein, trapkit.de
3) Damian Put, TippingPoint's Zero Day Initiative, Bing Liu of
Fortinet's FortiGuard Global Security Research Team, Will Dormann of
CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR)
5) Jason Carr, Carnegie Mellon University Computing Services
6) Steve Dispensa and Marsh Ray, PhoneFactor, Inc.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4004

OTHER REFERENCES:
SA35515:
http://secunia.com/advisories/35515/

SA37291:
http://secunia.com/advisories/37291/

SA37364:
http://secunia.com/advisories/37364/

SA37584:
http://secunia.com/advisories/37584/

----------------------------------------------------------------------