Mac OS X Security Vulnerabilities O’Plenty

Apple’s OS X is in the news again this morning with the release of security vulnerabilities aplenty. Time to patch my workhorse MacBook.

From Secunia:

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) Multiple boundary errors in AFP client when processing “afp://” URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.

Successful exploitation may allow execution of arbitrary code.

2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.

3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.

5) An error in NSApplication in AppKit can potentially be exploited to execute code with escalated privileges by sending a maliciously crafted messages to privileged applications in the same bootstrap namespace.

6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.

Successful exploitation may allow execution of arbitrary code.

7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.

…and it goes on like this.

As well, there was a release concerning the Safari browser.

Get your patch on.

Article Link

[Source: Liquidmatrix]

0 comments