Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Reports of multiple OS X vulnerabilities with PoC SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Reports of multiple OS X vulnerabilities with PoC

Multiple vulnerabilities have been reported in Apple Mac OS X and applications. Proof of Concept code has already been posted along with the information regarding the vulnerabilities. At this time no patches or workarounds appear to be available for the majority of the vulnerabilities. The impact is Denial of Service or arbitrary code executed remotely, and severity is highly critical.

Links to advisories:

Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow
http://www.security-protocols.com/sp-x24-advisory.php

Apple OS X BOM ArchiveHelper .zip Heap Overflow
http://www.security-protocols.com/sp-x25-advisory.php

Apple OS X Safari 2.0.3 Multiple Vulnerabilities
http://www.security-protocols.com/sp-x26-advisory.php

Apple OS X 10.4.6 "ReadBMP ()" .bmp Heap Overflow
http://www.security-protocols.com/sp-x27-advisory.php

Apple OS X 10.4.6 "CFAllocatorAllocate ()" .gif Heap Overflow
http://www.security-protocols.com/sp-x28-advisory.php

Apple OS X 10.4.6 .tiff "_cg_TIFFSetField ()" DoS
http://www.security-protocols.com/sp-x29-advisory.php

Apple OS X 10.4.6 .tiff "PredictorVSetField ()" Heap Overflow
http://www.security-protocols.com/sp-x30-advisory.php

Cheers,
Adrien

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!