UK Dedicated Servers



Meta

Top Ten Posts

Apple has released Patch for it 40 top most vulnerabilities.

Apple has come out with a patch to fix the top 40 most vulnerabilities for it Mac OS X ecosystem. The security update which is available for Apple Leopard and Tiger covers most of the third party application flaws and also covers the Mac OS X flaws.

The major risk in the flaws was from risk of remote code executions attacks.

The top most vulnerability documented is as follows:

  • Apache: CVE-2007-6420, CVE-2008-1678, CVE-2008-2364) Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross site request forgery.  Note: Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default.
  • ClamAV: (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914) Multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution.
  • ColorSync CVE-2008-3642) A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.
  • CUPS (CVE-2008-3641) A range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the ‘lp’ user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.
  • libxslt (CVE-2008-1767)  A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.
  • MySQL Server (CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079) MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PHP (CVE-2007-4850, CVE-2008-0674, CVE-2008-2371) PHP is updated to  version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PSNormalizer (CVE-2008-3647) A buffer overflow exists in PSNormalizer’s handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution.
  • QuickLook (CVE-2008-4211) A signedness issue exists in QuickLook’s handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.

This will definitely make using Apple much safer and increase the faith of people who want to go for MacBook’s and Mac’s.

Related posts:

  1. Mono 2.0 Helps increase Cross-Platform Application Development
  2. Building Blocks of New Apple Macbooks.
  3. How to configure Apache server on LINUX.
  4. Faulty Apple iPhone Chargers.
  5. Adwords Editor 5.0 released by google

Posted under Latest News, Network and Security

This post was written by Brad on October 11, 2008

Tags: Apache, Apple Leopard, Apple Tiger, ClamAV, Mac OS X ecosystem, MySQL Server, PHP

    Trackbacks

    1. pligg.com October 15, 2008 11:59 am

    Leave a Comment

    Name (required)

    Email (required)

    Website

    Comments

    More Blog Post

    Next Post:
    Previose Post:

    Search

    Categories