Apple Mac OS X Multiple Vulnerabilities

Last Update Date: 15 Mar 2013 10:18

Release Date: 15 Mar 2013

RISK: High Risk

TYPE: Operating Systems - Mac OS

Multiple vulnerabilities have been identified in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system, and bypass authentication.

  1. A remote user may be able to bypass AppleID authentication when multiple users fail the AppleID certificate validation.
  2. A remote user can create a specially crafted Java Web Start application that, when loaded by the target user, will launch even if the Java plug-in was disabled.
  3. A remote user can send a specially crafted FaceTime:// URL that, when loaded by the target user, will bypass the standard confirmation prompt. Only version 10.8.x is affected.
  4. A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a use-after-free in the handling of ink annotations and execute arbitrary code on the target system.
  5. A remote user with the ability to conduct a man-in-the-middle attack can insert plugin content into Software Update marketing text. Version 10.8.x is not affected.
  6. A remote user can create a specially crafted image file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user. Version 10.8.x is affected.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Mac OS X 10.6.x, 10.7.x, 10.8.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

