فا

‫ Apple Mac OS X Multiple Vulnerabilities

IRCAD2013092883
ID: IRCAD2013092883
Release Date: 2013-09-13
Criticality level: Highly critical
Software:
Apple Macintosh OS X
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Some errors exist due to a bundled vulnerable version of Apache.
2) Some errors exist due to a bundled vulnerable version of Bind.
3) Some errors exist due to a bundled vulnerable version of ClamAV.
4) A boundary error in the CoreGraphics component when handling JBIG2 encoded data within PDF files can be exploited to cause a buffer overflow.
5) A boundary error in the ImageIO component when handling JBIG2 encoded data within PDF files can be exploited to cause a buffer overflow.
6) An error in the IPSec component does not verify the DNS name of an IPSec Hybrid Auth server against the certificate and can be exploited to spoof the server.
7) An error in the Kernel component when parsing IGMP packets can be exploited to cause a kernel panic.
8) An error in the Mobile Device Management component when handling a password passed via command-line to mdmclient can be exploited to disclose the password of other users.
9) Some errors exist due to a bundled vulnerable version of OpenSSL.
10) Some errors exist due to a bundled vulnerable version of PHP.
11) Some errors exist due to a bundled vulnerable version of PostgreSQL.
12) A boundary error in the QuickTime component when handling 'idsc' atoms in QuickTime movie files can be exploited to cause a memory corruption.
13) An error in the Screen Lock component can be exploited to bypass the screen lock when another user is logged in.
Successful exploitation of this weakness requires screen sharing access.
The vulnerabilities are reported in versions prior to 10.8.5.
Solution
Update to version 10.8.5 or apply Security Update 2013-004.
References:
APPLE-SA-2013-09-12-1:
Security Update 2013-004:
 Secunia
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 27 شهریور 1392

امتیاز

امتیاز شما
تعداد امتیازها:0