Apple OS X Multiple Vulnerabilities

ID: IRCAD2013102949
Release Date: 2013-10-23
Criticality level: Highly critical
 
Software:
Apple Macintosh OS X
 
Description:
Apple has issued a security update for Mac OS X, which fixes multiple weaknesses, security issues, and vulnerabilities.
1) An error in the blockApp within the Application Firewall component does not properly restrict an application from receiving network connections.
2) An error in the LaunchServices interface within the App Sandbox component can be exploited to bypass the sandbox via arguments passed to a new process.
3) An error in the Bluetooth USB host controller within the Bluetooth component can be exploited to delete certain necessary interfaces and subsequently cause a system termination.
4) An error when handling session cookies within the CFNetwork component does not properly delete session cookies on a reset of Safari.
5) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols within the CFNetwork SSL component.
6) A logic error when handling the sleep mode within the CoreGraphics component can be exploited to cause data corruption and subsequently display a window over the lock screen.
7) An error within the CoreGraphics component can be exploited to cause a buffer underflow via a specially crafted PDF file.
8) An error when registering for a hotkey event within the CoreGraphics component can be exploited to bypass certain secure input mode restrictions.
9) Two errors exist within the curl component.
10) Some boundary errors in the "openSharedCacheFile()" function within the dyld component can be exploited to cause buffer overflows.
11) A NULL pointer dereference error in IOCatalogue within IOKitUser component can be exploited to cause a system termination.
12) A boundary error within the IOSerialFamily component can be exploited to cause an out of bounds array access within the IOSerialFamily driver.
13) An error when handling the SHA-2 family of digest functions within the Kernel component can be exploited to cause a kernel panic via a specially crafted output length.
14) An error in the msgctl and segctl APIs within the Kernel component can be exploited to disclose kernel stack memory.
15) An error when handling requests from userspace to the random number generator within the Kernel component can be exploited to cause a lock to be held for a long period via a specially crafted, large request.
16) A signedness error when handling tty reads within the Kernel component can be exploited to cause a system termination.
17) A boundary error when handling Mach-O files within the Kernel component can be exploited to disclose kernel memory or cause a system termination.
18) A boundary error when handling tty devices within the Kernel component can be exploited to cause a system hang.
19) An error when validating iovec structures within the Kernel component can be exploited to cause a system termination via a specially crafted user-supplied iovec structure.
20) A boundary error exists when handling arguments to the posix_spawn API within the Kernel component.
21) An error when verifying multicast packets during the use of a Wi-Fi network within the Kernel component can be exploited to cause a system termination.
22) An error exists when handling IPv6 ICMP packets within the Kernel component.
23) An integer truncation error in the kernel socket interface within the Kernel component can be exploited to cause a system hang.
24) An error when handling IPC messages from unauthenticated senders within the Kext Management component can be exploited to bypass certain authorisation checks.
25) An error when handling certain unicode characters within the LaunchServices component can be exploited to spoof a different extension.
26) A logic error when handling the auto-configuration of certain mailservers within the Mail Accounts component may lead to choosing plaintext authentication over CRAM-MD5 authentication.
27) A logic error when handling certain messages with a multipart/signed part within the Mail Header Display component can be exploited to make an unsigned message appear to be validly signed.
28) An error within the Mail Networking component sends some unencrypted data to the mail server and subsequently leads to the termination of the connection.
Successful exploitation of this security issue requires that Kerberos authentication is enabled and Transport Layer Security is disabled.
29) An error when handling the minssf configuration in the ldapsearch command line tool within the OpenLDAP component may lead to otherwise disallowed weak encryption.
30) An error exists when rehashing user input within the perl component.
31) An error when handling locks in the power assertion management within the Power Management component may not properly enable the screen lock after the specified time frame.
32) Multiple errors exist within the python component.
33) An error exists when verifying a server SSL certificate in the ruby component.
34) An error exists when handling X.509 certificates with MD5 hashes within the Security component.
35) An error when handling the "Require an administrator password to access system preferences with lock icons" setting within the Security - Authorization component can potentially be exploited to access certain otherwise restricted functionality after a software update or upgrade.
36) A logic error when handling Smart Card certificate revocation checks within the Security - Smart Card Services component can be exploited to bypass the certificate revocation checks.
37) An error in the lock handling within the Screen Lock component may lead to a waking from hibernation without prompting for a password.
Successful exploitation of this security issue requires hibernation and autologin to be enabled.
38) A format string error exists when handling the VNC username within the Screen Sharing Server component.
Successful exploitation of the vulnerabilities #7, #10, #12, and #38 may allow execution of arbitrary code.
39) An error when handling log messages of guest users within the syslog component can be exploited to potentially gain knowledge.
The weaknesses, security issues, and vulnerabilities are reported in versions prior to 10.9 (Mavericks).
 
Solution
Update to version 10.9 (Mavericks).
 
References:
APPLE-SA-2013-10-22-3:
 
Secunia:
 


 
Date created: 4 Aban 1392
