Archived - About the security content of Mac OS X v10.6.5 and Security Update 2010-007

This document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007.

This article has been archived and is no longer updated by Apple.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

Mac OS X v10.6.5 and Security Update 2010-007

  • AFP Server

    CVE-ID: CVE-2010-1828

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may cause AFP Server to shut down unexpectedly

    Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to shut down unexpectedly. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.

  • AFP Server

    CVE-ID: CVE-2010-1829

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: An authenticated user may cause arbitrary code execution

    Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.

  • AFP Server

    CVE-ID: CVE-2010-1830

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may determine the existence of an AFP share

    Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.

  • Apache mod_perl

    CVE-ID: CVE-2009-0796

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may cause cross-site scripting against the web server

    Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.

  • Apache

    CVE-ID: CVE-2010-0408, CVE-2010-0434

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in Apache 2.2.14

    Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/

  • AppKit

    CVE-ID: CVE-2010-1842

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.

  • ATS

    CVE-ID: CVE-2010-1831

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

    Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.

  • ATS

    CVE-ID: CVE-2010-1832

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

    Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.

  • ATS

    CVE-ID: CVE-2010-1833

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

    Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.

  • ATS

    CVE-ID: CVE-2010-4010

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution

    Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.

  • CFNetwork

    CVE-ID: CVE-2010-1752

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.

  • CFNetwork

    CVE-ID: CVE-2010-1834

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites

    Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue through improved validation of domains specified in cookies.
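
The domain check behind the CFNetwork cookie entry above (CVE-2010-1834), as an added example that is not Apple's or CFNetwork's code: `naive_domain_match` models the suffix matching the entry describes, and `strict_domain_match` applies suffix matching to DNS names only and requires an exact match when the host is an IP address. All function names and sample hosts (documentation-range addresses, example.com) are assumptions made for the illustration.

```python
"""Cookie Domain validation that refuses partial IP addresses.

Added illustration, not CFNetwork code. Function names and the sample
hosts (documentation-range addresses, example.com) are constructed.
Public-suffix checks (e.g. Domain=com) are out of scope here.
"""
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True if host is a complete IPv4/IPv6 literal rather than a DNS name."""
    candidate = host.strip("[]")  # IPv6 literals are bracketed in URLs
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        # Partial addresses such as "10" or "0.2.10" land here.
        return False


def naive_domain_match(request_host: str, cookie_domain: str) -> bool:
    """Model of the flawed behaviour: suffix match regardless of host type."""
    host = request_host.lower()
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def strict_domain_match(request_host: str, cookie_domain: str) -> bool:
    """Suffix match for DNS names only; IP hosts require an exact match."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if not domain:
        return False
    if is_ip_literal(host):
        # An IP address has no parent domain, so a "suffix" of it is
        # meaningless: accept only the identical, complete address.
        if not is_ip_literal(domain):
            return False
        return (ipaddress.ip_address(host.strip("[]"))
                == ipaddress.ip_address(domain.strip("[]")))
    if is_ip_literal(domain):
        return False  # a DNS-named host never matches an IP Domain
    return host == domain or host.endswith("." + domain)


def cookie_leaks(setter_host: str, other_host: str,
                 cookie_domain: str, match) -> bool:
    """True if a cookie set by setter_host with this Domain attribute
    would be accepted and later also sent to other_host."""
    return match(setter_host, cookie_domain) and match(other_host, cookie_domain)


if __name__ == "__main__":
    # Constructed scenario: two unrelated hosts reached by IP address
    # that happen to share the final octet.
    setter, third_party, domain_attr = "192.0.2.10", "198.51.100.10", ".10"
    for name, fn in (("naive", naive_domain_match),
                     ("strict", strict_domain_match)):
        leaked = cookie_leaks(setter, third_party, domain_attr, fn)
        print(f"{name:6s} Domain={domain_attr!r} leaks to {third_party}: {leaked}")
```
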

  • CoreGraphics

    CVE-ID: CVE-2010-1836

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.

  • CoreText

    CVE-ID: CVE-2010-1837

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.

  • CUPS

    CVE-ID: CVE-2010-2941

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.

  • Directory Services

    CVE-ID: CVE-2010-1838

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A local attacker may bypass the password validation and log in to a mobile account

    Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.

  • Directory Services

    CVE-ID: CVE-2010-1840

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.

  • diskdev_cmds

    CVE-ID: CVE-2010-0105

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A local user may be able to prevent the system from starting properly

    Description: An implementation issue exists in fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.

  • Disk Images

    CVE-ID: CVE-2010-1841

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.

  • Flash Player plug-in

    CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/ Credit to Erik Osterholm of Texas A&M University for reporting CVE-2010-3638.

  • gzip

    CVE-ID: CVE-2010-0001

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.

  • gzip

    CVE-ID: CVE-2009-2624

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

  • Image Capture

    CVE-ID: CVE-2010-1844

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown

    Description: An unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1845

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.

  • ImageIO

    CVE-ID: CVE-2010-1811

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

  • ImageIO

    CVE-ID: CVE-2010-2249, CVE-2010-1205

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in libpng

    Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

  • Image RAW

    CVE-ID: CVE-2010-1846

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

  • Kernel

    CVE-ID: CVE-2010-1847

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A local user may cause an unexpected system shutdown

    Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.

  • MySQL

    CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in MySQL 5.0.88

    Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

  • neon

    CVE-ID: CVE-2009-2473, CVE-2009-2474

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in neon 0.28.3

    Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/

  • Networking

    CVE-ID: CVE-2010-1843

    Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4

    Impact: A remote attacker may cause an unexpected system shutdown

    Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • OpenLDAP

    CVE-ID: CVE-2010-0211

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may cause a denial of service or arbitrary code execution

    Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.

  • OpenLDAP

    CVE-ID: CVE-2010-0212

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may cause a denial of service

    Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.

  • OpenSSL

    CVE-ID: CVE-2010-1378

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote user may bypass TLS authentication or spoof a trusted server

    Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.

  • Password Server

    CVE-ID: CVE-2010-3783

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may be able to log in with an outdated password

    Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.

  • PHP

    CVE-ID: CVE-2010-0397, CVE-2010-2531

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in PHP 5.3.2

    Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/

  • PHP

    CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Multiple vulnerabilities in PHP 5.2.12

    Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/

  • Printing

    CVE-ID: CVE-2010-3784

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination

    Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.

  • python

    CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.

    Description: Multiple integer overflows exist in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.

  • QuickLook

    CVE-ID: CVE-2010-3785

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

  • QuickLook

    CVE-ID: CVE-2010-3786

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3787

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity, and Will Dormann of the CERT/CC for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3788

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3789

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3790

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs, and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3791

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3792

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3793

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3794

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-3795

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • Safari RSS

    CVE-ID: CVE-2010-3796

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information

    Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.

  • Time Machine

    CVE-ID: CVE-2010-1803

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: A remote attacker may access a user's Time Machine information

    Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.

  • Wiki Server

    CVE-ID: CVE-2010-3797

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4

    Impact: A user who can edit wiki pages may obtain the credentials of other users

    Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.

  • X11

    CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in libpng version 1.2.41

    Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

  • X11

    CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in FreeType 2.3.9

    Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/

  • xar

    CVE-ID: CVE-2010-3798

    Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: Apr 9, 2014
  • Article: HT4435