Apple's first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities.
The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site.
With Security Update 2010-001, Apple also fixes flaws in the Adobe Flash Player plug-in that ships with the operating system.
Here's the skinny of the vulnerabilities:
* CoreAudio (CVE-2010-0036) -- A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
* CUPS (CVE-2009-3553) -- A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination.
* Flash Player plug-in (7 vulnerabilities) -- Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42.
* ImageIO (CVE-2009-2285) -- A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
* Image RAW (CVE-2010-0037) -- A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution.
* OpenSSL (CVE-2009-3555) -- A man-in-the-middle vulnerability exists in the SSL and TLS protocols. A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation.
Copyright 2014 © Godem Online Inc. | Web and server solutions by NewTech Solutions.