DoctorDoom
05-15-2006, 01:26 PM
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in the AppKit framework allows an application to read characters entered into secure text field in the same window session.
2) Errors in the AppKit and ImageIO framework when processing GIF and TIFF images can be exploited to crash an application or potentially execute arbitrary code.
For more information:
SA19686
3) A boundary error within the BOM component when expanding archives can be exploited to crash an application or potentially execute arbitrary code.
For more information:
SA19686
4) An input validation error in the BOM component when expanding archives can be exploited to cause files to be written to arbitrary locations outside the specified directory via directory traversal attacks.
5) An integer overflow error in the CFNetwork component when handling chunked transfer encoding may allow execution of arbitrary code if a user is tricked into visiting a malicious web site.
6) Errors in ClamAV when processing specially crafted email messages may allow execution of arbitrary code.Mac OS X Security Update Fixes Multiple Vulnerabilities (http://secunia.com/advisories/20077/)
Secunia has rated it "Highly critical".
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in the AppKit framework allows an application to read characters entered into secure text field in the same window session.
2) Errors in the AppKit and ImageIO framework when processing GIF and TIFF images can be exploited to crash an application or potentially execute arbitrary code.
For more information:
SA19686
3) A boundary error within the BOM component when expanding archives can be exploited to crash an application or potentially execute arbitrary code.
For more information:
SA19686
4) An input validation error in the BOM component when expanding archives can be exploited to cause files to be written to arbitrary locations outside the specified directory via directory traversal attacks.
5) An integer overflow error in the CFNetwork component when handling chunked transfer encoding may allow execution of arbitrary code if a user is tricked into visiting a malicious web site.
6) Errors in ClamAV when processing specially crafted email messages may allow execution of arbitrary code.Mac OS X Security Update Fixes Multiple Vulnerabilities (http://secunia.com/advisories/20077/)
Secunia has rated it "Highly critical".