|
|
|
Mac OS X Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1027054 |
SecurityTracker URL: http://securitytracker.com/id/1027054
|
CVE Reference:
CVE-2012-0649, CVE-2012-0651, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0662, CVE-2012-0675
(Links to External Site)
|
Date: May 10 2012
|
Impact:
Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10.6.8, 10.7.3
|
Description:
Multiple vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can obtain potentially sensitive information.
A local user can exploit a temporary file race condition in Bluetooth initialization code to execute arbitrary code with system privileges [CVE-2012-0649]. Version 10.7.x is affected. Aaron Sigel of vtty.com reported this vulnerability.
A remote user can send a specially crafted message to cause the directory server to disclose memory contents [CVE-2012-0651]. Version 10.6.x is affected. Agustin Azubel reported this vulnerability.
A remote user can create a specially crafted X.509 certificate that, when verified by the target user, will trigger a uninitialized memory access error in libsecurity and execute arbitrary code on the target system [CVE-2012-0654]. Dirk-Willem van Gulik of WebWeaving.org, Guilherme Prado of Conselho da Justica Federal, and Ryan Sleevi of Google reported these vulnerabilities.
libsecurity supports X.509 certificates with insecure-length RSA keys, which may expose users to spoofing and information disclosure attacks [CVE-2012-0655].
A physically local user can exploit a flaw in LoginUIFramework to login to a user account without providing a password [CVE-2012-0656]. Systems with the Guest user enabled are affected. Version 10.6.x is not affected. Francisco Gomez (espectalll123) reported this vulnerability.
A physically local user can exploit a flaw in Quartz Composer to cause Safari to launch when the screen is locked and the RSS Visualizer screen saver is used [CVE-2012-0657]. Aaron Sigel of vtty.com reported this vulnerability.
A remote user can create a specially crafted movie file that, when loaded by the target user, will trigger a buffer overflow in the processing of audio sample tables and execute arbitrary code on the target system [CVE-2012-0658]. Luigi Auriemma reported this vulnerability via HP's Zero Day Initiative.
A remote user can create a specially crafted MPEG file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system [CVE-2012-0659]. An anonymous researcher reported this vulnerability via HP's Zero Day Initiative.
A remote user can create a specially crafted MPEG file that, when loaded by the target user, will trigger a buffer underflow and execute arbitrary code on the target system [CVE-2012-0660]. Justin Kim at Microsoft and Microsoft Vulnerability Research reported this vulnerability.
A remote user can create a specially crafted movie file that, when loaded by the target user, will trigger a use-after-free memory error in the processing of JPEG2000 encoded movie files and execute arbitrary code on the target system [CVE-2012-0661]. Version 10.6.x is not affected. Damian Put reported this vulnerability via HP's Zero Day Initiative.
A remote user can supply specially crafted data to trigger an integer overflow in the Security Framework [CVE-2012-0662]. 32-bit processes are not affected. aazubel reported this vulnerability via HP's Zero Day Initiative.
A remote user can spoof a Time Machine backup volume to access a target user's Time Machine backup credentials [CVE-2012-0675]. Version 10.7.x is affected. Renaud Deraison of Tenable Network Security reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain elevated privileges on the target system.
A remote user can obtain potentially sensitive information.
|
Solution:
The vendor has issued a fix (OS X Lion v10.7.4 and Security Update 2012-002), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2012-002 or OS X v10.7.4.
For OS X Lion v10.7.3
The download file is named: MacOSXUpd10.7.4.dmg
Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36
For OS X Lion v10.7 and v10.7.2
The download file is named: MacOSXUpdCombo10.7.4.dmg
Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f
For OS X Lion Server v10.7.3
The download file is named: MacOSXServerUpd10.7.4.dmg
Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2
For OS X Lion Server v10.7 and v10.7.2
The download file is named: MacOSXServerUpdCombo10.7.4.dmg
Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240
For Mac OS X v10.6.8
The download file is named: SecUpd2012-002Snow.dmg
Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-002.dmg
Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3
The vendor's advisory will be available at:
http://support.apple.com/kb/HT1222
|
Vendor URL: support.apple.com/kb/HT1222 (Links to External Site)
|
Cause:
Access control error, Boundary error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|