Monster fix for Mac OS X, QuickTime

Apple Computer Inc. has patched more than 25 flaws in its operating system and updated its media player to address 12 vulnerabilities.

Apple Computer Inc. released security updates for more than 25 flaws in Mac OS X and 12 vulnerabilities in QuickTime Thursday evening. Attackers could exploit these to cause a denial of service, run malicious commands, disclose sensitive data or circumvent security restrictions.

In two of its advisories, the French Security Incident Response Team (FrSIRT) identified 31 separate vulnerabilities in Mac OS X and 12 in QuickTime. The vulnerability tracking firm rated both security updates critical.

Security holes in Mac OS X include:

  • An error in the "NSSecureTextField" class that fails to properly re-enable secure event input when switching between text input fields, which could cause characters entered into a secure text field to be read by other applications in the same window session.
  • An integer overflow error in CFNetwork when handling chunked transfer encoding, which malicious Web sites could exploit to compromise vulnerable systems.
  • Integer overflow, format string and memory corruption errors in ClamAV, which attackers could exploit to execute arbitrary commands or cause a denial of service.
  • An error in Mail when handling enriched text e-mail messages containing invalid color information, which attackers could exploit to execute arbitrary commands via a malicious e-mail message.
  • An error in MySQL that doesn't properly set the root password during the initial setup, which could allow local users to gain access to a vulnerable database with full privileges.
  • An error in Safari that does not properly validate downloaded archives before they are automatically expanded when the "Open safe files after downloading" option is enabled. Attackers could exploit this to compromise a vulnerable system via a malicious archive containing a symbolic link.

Security holes in QuickTime include:

  • An integer overflow error when processing malformed .jpg images, which attackers could exploit to execute arbitrary commands via a malicious Web page.
  • An integer overflow error when handling malformed QuickTime movies, which attackers could exploit to execute arbitrary commands via a malicious Web page.
  • A buffer overflow error when processing malformed QuickTime movies, which attackers could exploit to compromise a vulnerable system by tricking a user into visiting a specially crafted Web page.
  • A buffer overflow error when processing malformed Flash movies, which attackers could exploit to execute arbitrary commands via a malicious Web page.