Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Reports of multiple OS X vulnerabilities with PoC - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Reports of multiple OS X vulnerabilities with PoC

Multiple vulnerabilities have been reported in Apple Mac OS X and applications. Proof of Concept code has already been posted along with the information regarding the vulnerabilities. At this time no patches or workarounds appear to be available for the majority of the vulnerabilities. The impact is Denial of Service or arbitrary code executed remotely, and severity is highly critical.

Links to advisories:

Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow
http://www.security-protocols.com/sp-x24-advisory.php

Apple OS X BOM ArchiveHelper .zip Heap Overflow
http://www.security-protocols.com/sp-x25-advisory.php

Apple OS X Safari 2.0.3 Multiple Vulnerabilities
http://www.security-protocols.com/sp-x26-advisory.php

Apple OS X 10.4.6 "ReadBMP ()" .bmp Heap Overflow
http://www.security-protocols.com/sp-x27-advisory.php

Apple OS X 10.4.6 "CFAllocatorAllocate ()" .gif Heap Overflow
http://www.security-protocols.com/sp-x28-advisory.php

Apple OS X 10.4.6 .tiff "_cg_TIFFSetField ()" DoS
http://www.security-protocols.com/sp-x29-advisory.php

Apple OS X 10.4.6 .tiff "PredictorVSetField ()" Heap Overflow
http://www.security-protocols.com/sp-x30-advisory.php

Cheers,
Adrien

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!