Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Security Update 2009-003 / Mac OS X v10.5.8 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security Update 2009-003 / Mac OS X v10.5.8

Details of these will be posted here soon:
http://support.apple.com/kb/HT1222

Updates can be obtained here:
http://www.apple.com/support/downloads/

bzip2 CVE-ID: CVE-2008-1372
Application termination.

CFNetwork CVE-ID: CVE-2009-1723
Incorrect URL displayed after a redirect.

ColorSync CVE-ID: CVE-2009-1726
Arbitrary code execution or application termination.

CoreTypes CVE-ID: CVE-2009-1727
Risk of execution of malicious JavaScript.

CoreTypes CVE-ID: CVE-2009-1727
Physical access may allow application management while system is locked via the screen saver.

Image RAW CVE-ID: CVE-2009-1728
Arbitrary code execution or Application termination.

ImageIO CVE-ID: CVE-2009-1722, CVE-2009-1721, CVE-2009-1720, CVE-2009-2188
Arbitrary code execution or Application termination.

Kernel CVE-ID: CVE-2009-1235
Local privilege escalation.

launchd CVE-ID: CVE-2009-2190
DOS

Login Window CVE-ID: CVE-2009-2191
Arbitrary code execution or Application termination.

MobileMe CVE-ID: CVE-2009-2192
Local credential reuse after signing out.

Networking CVE-ID: CVE-2009-2193
Arbitrary code execution or Application termination.

Networking CVE-ID: CVE-2009-2194
DOS

XQuery CVE-ID: CVE-2008-0674
Arbitrary code execution.
 

donald

206 Posts
ISC Handler
I've noted a number of persons, myself included who have issues with the Broadcom BCM43xx wireless in MacBooks after the 10.5.8 update when running on battery (99.9% packet loss). I know, sounds crazy, but if connected to a power source wireless is fine. See:
http://www.macfixit.com/article.php?story=2009080609491937
http://discussions.apple.com/thread.jspa?threadID=2106689&start=0&tstart=0
Anonymous

Sign Up for Free or Log In to start participating in the conversation!