Apple Mac OS X Multiple Vulnerabilities

ID: IRCAD2013032591
Release Date: 2013-03-15
Criticality level: Highly critical
 
Software:
Apple Macintosh OS X
 
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) A canonicalisation error within mod_hfs_apple when handling URIs with certain Unicode sequences can be exploited to bypass HTTP authentication and access otherwise restricted directories.
2) An error exists in International Components for Unicode.
3) An error exists in the Identity Service.
4) An error exists in ImageIO.
5) An error when handling graphics data in IOAcceleratorFamily can be exploited to corrupt memory.
6) An error exists in Kernel.
7) A logic error when handling VoiceOver at the Login Window can be exploited to e.g. modify system configurations by launching System Preferences.
8) An error exists in Message Server.
9) A use-after-free error when handling ink annotations in PDF files within PDFKit can be exploited via a specially crafted PDF file.
10) Two errors exist in Podcast Producer Server.
11) Multiple errors exist in PostgreSQL.
12) An error exists in Profile Manager.
13) An error exists in QuickTime.
14) An error exists in Ruby.
15) An error when handling plugin content within Software Update can be exploited via Man-in-the-Middle (MitM) attacks.
16) Two errors exist in Wiki Server.
Note: Additionally a weakness exists when handling FaceTime:// URLs within Messages, which can be exploited to bypass the FaceTime call confirmation and initiate a FaceTime call by tricking a user into clicking a specially crafted link.
 
Solution:
Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.
 
References:
APPLE-SA-2013-03-14-1:
 
Secunia:
 
 

 
Date created: 26 Esfand 1391