Skip to main content

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 21 Jan 2010 5415 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.

1. Due to a boundary error in CoreAudio which can be exploited to cause a buffer overflow via a specially crafted mp4 audio file.Successful exploitation of this vulnerability may allow execution of arbitrary code.

2. Due to an error in CUPS which can be exploited to cause a DoS (Denial of Service).

3. Due to multiple vulnerabilities in the Flash Player plug-in which can be exploited to gain knowledge of system information or compromise a user's system.

4. Due to a vulnerability in ImageIO which can be exploited to cause a DoS or to potentially compromise a user's system.

5. Due to a boundary error in Image RAW which can be exploited to cause a buffer overflow via a specially crafted DNG image.Successful exploitation of this vulnerability may allow execution of arbitrary code.

6. Due to a vulnerability in OpenSSL which can be exploited to manipulate certain data.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple Mac OS X version 10.6.2 and prior
  • Apple Mac OS X version 10.5.8 and prior
  • Apple Mac OS X Server version 10.6.2 and prior
  • Apple Mac OS X Server version 10.5.8 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link