SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Mac OS X Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1027054
SecurityTracker URL:  http://securitytracker.com/id/1027054
CVE Reference:   CVE-2012-0649, CVE-2012-0651, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0662, CVE-2012-0675   (Links to External Site)
Date:  May 10 2012
Impact:   Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.6.8, 10.7.3
Description:   Multiple vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can obtain potentially sensitive information.

A local user can exploit a temporary file race condition in Bluetooth initialization code to execute arbitrary code with system privileges [CVE-2012-0649]. Version 10.7.x is affected. Aaron Sigel of vtty.com reported this vulnerability.

A remote user can send a specially crafted message to cause the directory server to disclose memory contents [CVE-2012-0651]. Version 10.6.x is affected. Agustin Azubel reported this vulnerability.

A remote user can create a specially crafted X.509 certificate that, when verified by the target user, will trigger a uninitialized memory access error in libsecurity and execute arbitrary code on the target system [CVE-2012-0654]. Dirk-Willem van Gulik of WebWeaving.org, Guilherme Prado of Conselho da Justica Federal, and Ryan Sleevi of Google reported these vulnerabilities.

libsecurity supports X.509 certificates with insecure-length RSA keys, which may expose users to spoofing and information disclosure attacks [CVE-2012-0655].

A physically local user can exploit a flaw in LoginUIFramework to login to a user account without providing a password [CVE-2012-0656]. Systems with the Guest user enabled are affected. Version 10.6.x is not affected. Francisco Gomez (espectalll123) reported this vulnerability.

A physically local user can exploit a flaw in Quartz Composer to cause Safari to launch when the screen is locked and the RSS Visualizer screen saver is used [CVE-2012-0657]. Aaron Sigel of vtty.com reported this vulnerability.

A remote user can create a specially crafted movie file that, when loaded by the target user, will trigger a buffer overflow in the processing of audio sample tables and execute arbitrary code on the target system [CVE-2012-0658]. Luigi Auriemma reported this vulnerability via HP's Zero Day Initiative.

A remote user can create a specially crafted MPEG file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system [CVE-2012-0659]. An anonymous researcher reported this vulnerability via HP's Zero Day Initiative.

A remote user can create a specially crafted MPEG file that, when loaded by the target user, will trigger a buffer underflow and execute arbitrary code on the target system [CVE-2012-0660]. Justin Kim at Microsoft and Microsoft Vulnerability Research reported this vulnerability.

A remote user can create a specially crafted movie file that, when loaded by the target user, will trigger a use-after-free memory error in the processing of JPEG2000 encoded movie files and execute arbitrary code on the target system [CVE-2012-0661]. Version 10.6.x is not affected. Damian Put reported this vulnerability via HP's Zero Day Initiative.

A remote user can supply specially crafted data to trigger an integer overflow in the Security Framework [CVE-2012-0662]. 32-bit processes are not affected. aazubel reported this vulnerability via HP's Zero Day Initiative.

A remote user can spoof a Time Machine backup volume to access a target user's Time Machine backup credentials [CVE-2012-0675]. Version 10.7.x is affected. Renaud Deraison of Tenable Network Security reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (OS X Lion v10.7.4 and Security Update 2012-002), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2012-002 or OS X v10.7.4.

For OS X Lion v10.7.3
The download file is named: MacOSXUpd10.7.4.dmg
Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36

For OS X Lion v10.7 and v10.7.2
The download file is named: MacOSXUpdCombo10.7.4.dmg
Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f

For OS X Lion Server v10.7.3
The download file is named: MacOSXServerUpd10.7.4.dmg
Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2

For OS X Lion Server v10.7 and v10.7.2
The download file is named: MacOSXServerUpdCombo10.7.4.dmg
Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240

For Mac OS X v10.6.8
The download file is named: SecUpd2012-002Snow.dmg
Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-002.dmg
Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT1222 (Links to External Site)
Cause:   Access control error, Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC