Internet threat level: 1
Home→Descriptions→SA47843
Apple Mac OS X Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256, CVE-2011-3267, CVE-2011-3268, CVE-2011-3328, CVE-2011-3348, CVE-2011-3389, CVE-2011-3422, CVE-2011-3441, CVE-2011-3444, CVE-2011-3446, CVE-2011-3447, CVE-2011-3448, CVE-2011-3449, CVE-2011-3450, CVE-2011-3452, CVE-2011-3453, CVE-2011-3457, CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2011-3462, CVE-2011-3463 |
| Release Date |
03 Feb 2012 |
| Last Change |
06 Aug 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Where | |
| Impact |
DoS (Denial of Service)This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Cross-Site ScriptingCross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system. Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery". Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks. Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. Privilege escalationThis covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system. SpoofingThis covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems. |
| Description |
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) The Address Book component downgrades to an unencrypted connection when an encrypted connection fails. This can be exploited to intercept CardDAV data. 2) An error in the bundled version of Apache can be exploited to cause a temporary DoS (Denial of Service). For more information: 3) A design error in Apache within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 4) An error in ATS when handling data-font files can be exploited to corrupt memory via a specially crafted font opened by Font Book. 5) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as a request could be sent to an incorrect origin server. 6) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as unexpected request headers could be sent. 7) An integer overflow error in ColorSync can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #5: 8) An error in CoreAudio when handling AAC encoded audio streams can be exploited to cause a buffer overflow when playing specially crafted audio content. 9) An error in CoreMedia when handling H.264 encoded movies can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error in CoreText when handling documents containing fonts can be exploited to dereference already freed memory via a specially crafted font. 11) An error exists in CoreUI when handling long URLs and can be exploited via a specially crafted website. 12) An error in curl can be exploited by remote servers to impersonate clients via GSSAPI requests. For more information: 13) Two of the certificate authorities in the list of trusted root certificates have issued intermediate certificates to DigiCert Malaysia, who has issued certificates with weak keys that cannot be revoked. 14) A design error in dovecot within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 15) An error in the uncompress command line tool when decompressing compressed files can be exploited to cause a buffer overflow. For more information: 16) An error in ImageIO when parsing TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #9: 17) An error in ImageIO when handling ThunderScan encoded TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #2: 18) An error exists in the bundled version of libpng. For more information: 19) An error in Internet Sharing may cause the used Wi-Fi configuration to revert to factory defaults (e.g. disabling the WEP password) after a system update. 20) An error in Libinfo can be exploited to disclose sensitive information via a specially crafted website. For more information see vulnerability #4: 21) An integer overflow error in libresolv when parsing DNS resource records can be exploited to cause a heap-based buffer overflow. 22) An error in libsecurity may cause some EV certificates to be trusted even when the corresponding root is marked untrusted. 23) Multiple errors in OpenGL when handling GLSL compilation can be exploited to corrupt memory. 24) Multiple errors exist in the bundled version of PHP. For more information: 25) Various errors in FreeType when handling Type 1 fonts can be exploited to corrupt memory. For more information: 26) An error in QuickTime when parsing the header of MP4 encoded files can be exploited to access uninitialised memory. 27) A signedness error in QuickTime when handling font tables embedded in movie files can be exploited to corrupt memory. 28) An off-by-one error in QuickTime when handling rdrf atoms in movie files can be exploited to cause a single byte buffer overflow. 29) An error in QuickTime when parsing JPEG2000 images can be exploited to cause a buffer overflow. 30) An error in QuickTime when parsing the MediaVideo header in videos encoded with the PNG format can be exploited to cause a buffer overflow via a video with a specially crafted bit depth. 31) An error in QuickTime when handling FLC encoded movie files can be exploited to cause a buffer overflow. 32) Multiple errors exists in the bundled version of SquirrelMail. For more information: 33) Various errors exist in the bundled version of Subversion. For more information: 34) Time Machine does not verify that a designated remote AFP volume or Time Capsule is used for subsequent backups. This can be exploited to access backups by spoofing the remote volume. 35) Errors exist in the bundled version of Tomcat. For more information: 36) An error in WebDAV Sharing when handling user authentication can be exploited by local users to gain escalated privileges. 37) An error exists in the bundled version of Webmail. For more information: |
| Solution |
Update to OS X Lion version 10.7.3 or apply Security Update 2012-001. |
| Reported by |
4, 10) Will Dormann, CERT/CC The vendor also credits: |
| Original Advisory |
Apple Security Update 2012-001: US-CERT: ZDI: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.