Secunia Advisory SA53684
Release Date 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch
Description
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error exits within the CFNetwork component when handling permanent cookies and can be exploited to gain access to previously accessed sites even if Private Browsing was used.
2) A boundary error within the CoreAnimation component when handling text glyphs can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted URL in Safari.
3) An error within the CoreMedia Playback component when handling text tracks can be exploited to reference uninitialized memory via a specially crafted movie file.
4) A boundary error within the "DSTCPEndpoint::AllocFromProxyStruct()" function (DSTCPEndpoint.cpp) in the Directory Service component when handling messages from the network and can be exploited to cause a buffer overflow by sending specially crafted messages.
5) An error within the Disk Management component does not properly verify permissions and can be exploited by local users to disable FileVault.
6) Some errors exist due to a bundled vulnerable version of OpenSSL.
For more information:
SA44572
SA45781
SA47426
SA47631
SA48847
SA49116
7) A boundary error within the QuickDraw Manager component when parsing PICT images can be exploited to cause a buffer overflow.
8) Some errors exist in the bundled version of QuickTime.
For more information:
SA53520
9) Some errors exist in the bundled version of Ruby on Rails.
For more information:
SA51753
SA52112
SA51938
SA52656
10) An error within SMB does not properly check for access control and can be exploited to write files outside the shared directory.
Successful exploitation of vulnerabilities #2, #3, #4, and #7 may allow execution of arbitrary code.
The vulnerabilities are reported in versions Snow Leopard (10.6), Lion (10.7), and Mountain Lion (10.8).
Solution
Update to version 10.8.4 or apply Security Update 2013-002.
Bollettino di Sicurezza
Release Date 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch
Description
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error exits within the CFNetwork component when handling permanent cookies and can be exploited to gain access to previously accessed sites even if Private Browsing was used.
2) A boundary error within the CoreAnimation component when handling text glyphs can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted URL in Safari.
3) An error within the CoreMedia Playback component when handling text tracks can be exploited to reference uninitialized memory via a specially crafted movie file.
4) A boundary error within the "DSTCPEndpoint::AllocFromProxyStruct()" function (DSTCPEndpoint.cpp) in the Directory Service component when handling messages from the network and can be exploited to cause a buffer overflow by sending specially crafted messages.
5) An error within the Disk Management component does not properly verify permissions and can be exploited by local users to disable FileVault.
6) Some errors exist due to a bundled vulnerable version of OpenSSL.
For more information:
SA44572
SA45781
SA47426
SA47631
SA48847
SA49116
7) A boundary error within the QuickDraw Manager component when parsing PICT images can be exploited to cause a buffer overflow.
8) Some errors exist in the bundled version of QuickTime.
For more information:
SA53520
9) Some errors exist in the bundled version of Ruby on Rails.
For more information:
SA51753
SA52112
SA51938
SA52656
10) An error within SMB does not properly check for access control and can be exploited to write files outside the shared directory.
Successful exploitation of vulnerabilities #2, #3, #4, and #7 may allow execution of arbitrary code.
The vulnerabilities are reported in versions Snow Leopard (10.6), Lion (10.7), and Mountain Lion (10.8).
Solution
Update to version 10.8.4 or apply Security Update 2013-002.
Bollettino di Sicurezza