
SANS ISC: InfoSec Handlers Diary Blog


Apple Security updates released

Published: 2007-02-15
Last Updated: 2007-02-15 22:58:43 UTC
by Maarten Van Horenbeeck (Version: 1)

Apple released a security update today for users of Mac OS X v10.3.9 and v10.4.8 (including OS X Server):

  • Mounting a maliciously crafted disk image could lead to a crash or arbitrary code execution (CVE-2007-0197)
  • Attackers on the local network can cause iChat to crash. A proof of concept was published in January (CVE-2007-0614 and CVE-2007-0710)
  • When iChat AIM is used to visit a maliciously crafted URL, an attacker could trigger an overflow, leading to a crash of the application or arbitrary code execution.
  • The UserNotificationCenter runs with elevated privileges in a local user context. This update forces the application to drop its group privileges shortly after starting. While this does not fix a directly exploitable vulnerability in itself, it fortifies the overall security posture of the application.

Security Update 2007-002, which contains these fixes, can be downloaded at Apple Downloads. Also have a look at these Java and DST updates.

