Apple released a huge update today in 10.5.3; however, I'm only going to highlight the security portion of the update, 2008-003. Some of these are purely Apple updates; some are simply updates to the open source packages that Apple provides in its operating system.

Updates to the following modules were made:

AFP Server -- Files that are not designated for sharing may be accessed remotely.
Apache -- Multiple vulnerabilities in Apache 2.0.55, including cross-site scripting. Apache is updated to version 2.0.63 to address several vulnerabilities.
AppKit -- Maliciously crafted file, unexpected application termination, arbitrary code execution.
Apple Pixlet Video -- Vulnerability to unexpected application termination, arbitrary code execution.
ATS -- Vulnerability to arbitrary code execution.
CFNetwork -- Vulnerability leading to disclosure of sensitive information.
CoreFoundation -- Vulnerability leading to unexpected application termination or arbitrary code execution.
CoreGraphics -- Vulnerability that may lead to an unexpected application termination or arbitrary code execution.
CoreTypes -- Lack of prompting against opening "certain potentially unsafe content types" in Automator, Help, Safari, and Terminal.
CUPS -- Information disclosure.
Flash Player Plug-in -- Arbitrary code execution; updated to version 9.0.124.0.
Help Viewer -- Vulnerability to application termination or arbitrary code execution.
iCal -- Vulnerability to unexpected application termination or arbitrary code execution.
International Components for Unicode -- Disclosure of sensitive information.
Image Capture -- Path traversal vulnerability.
ImageIO -- Out-of-bounds memory read leading to information disclosure, multiple vulnerabilities in libpng version 1.2.18, and vulnerability to unexpected application termination or arbitrary code execution.
Kernel -- Remote vulnerability to unexpected system shutdown due to undetected failure condition, and local user vulnerability to unexpected system shutdown due to mishandling of code signatures.
LoginWindow -- Race condition preventing MCX preferences being applied.
Mail -- IPv6 vulnerability leading to unexpected application termination, information disclosure, or arbitrary code execution.
ruby -- Remote vulnerability, updated to version 1.1.4.
Single Sign-On -- Password disclosure in sso_util.
Wiki Server -- Remote vulnerability to information disclosure.
Happy patching all! I've upgraded three systems here, and I've had no problems that I can tell so far.

-- Joel Esler
May 29th 2008