SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1027551
SecurityTracker URL:  http://securitytracker.com/id/1027551
CVE Reference:   CVE-2012-0650, CVE-2012-3716, CVE-2012-3718, CVE-2012-3719, CVE-2012-3720, CVE-2012-3721, CVE-2012-3722, CVE-2012-3723
Date:  Sep 20 2012
Impact:   Denial of service via network, Disclosure of authentication information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

If the DirectoryService Proxy is used, a remote user can trigger a buffer overflow in the DirectoryService Proxy to execute arbitrary code [CVE-2012-0650]. OS X Lion and Mountain Lion systems are not affected. aazubel reported this vulnerability (via HP's Zero Day Initiative).

A remote user can create a specially crafted file that, when loaded by the target user via an application that uses CoreText, will trigger an out-of-bounds memory access error and execute arbitrary code [CVE-2012-3716]. Mac OS X v10.6 and OS X Mountain Lion systems are not affected. Jesse Ruderman of Mozilla Corporation reported this vulnerability.

A local user can exploit a flaw in LoginWindow to capture password keystrokes from Login Window and Screen Saver Unlock [CVE-2012-3718]. Only OS X Mountain Lion is affected. An anonymous researcher reported this vulnerability.

A remote user can send a specially crafted e-mail that, when viewed by the target user, will launch an embedded web plugin [CVE-2012-3719]. OS X Mountain Lion is not affected. Will Dormann of the CERT/CC reported this vulnerability.

A user with access to the contents of a mobile account can obtain the account user's password hash [CVE-2012-3720]. OS X Mountain Lion is affected. Harald Wagener of Google, Inc. reported this vulnerability.

A remote user can exploit a flaw in the Device Management private interface to identify managed devices [CVE-2012-3721]. OS X Mountain Lion is not affected. Derick Cassidy of XEquals Corporation reported this vulnerability.

A remote user can create a specially crafted Sorenson encoded movie file that, when loaded by the target user, will trigger a memory access error and execute arbitrary code on the target system [CVE-2012-3722]. The code will run with the privileges of the target user. OS X Mountain Lion systems are not affected. Will Dormann of the CERT/CC reported this vulnerability.

A physically local user can attach a USB device with a specially crafted bNbrPorts descriptor field to trigger a memory corruption error and execute arbitrary code [CVE-2012-3723]. OS X Mountain Lion systems are not affected. Andy Davis of NGS Secure reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote user can obtain a password hash in certain cases.

A local user can obtain password keystrokes.

Solution:   The vendor has issued a fix.

OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.

For OS X Mountain Lion v10.8.1
The download file is named: OSXUpd10.8.2.dmg
Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33

For OS X Mountain Lion v10.8
The download file is named: OSXUpdCombo10.8.2.dmg
Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c

For OS X Lion v10.7.4
The download file is named: MacOSXUpd10.7.5.dmg
Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532

For OS X Lion v10.7 and v10.7.3
The download file is named: MacOSXUpdCombo10.7.5.dmg
Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b

For OS X Lion Server v10.7.4
The download file is named: MacOSXServerUpd10.7.5.dmg
Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a

For OS X Lion Server v10.7 and v10.7.3
The download file is named: MacOSXServerUpdCombo10.7.5.dmg
Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e

For Mac OS X v10.6.8
The download file is named: SecUpd2012-004.dmg
Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-004.dmg
Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28

The vendor's advisory is available at:

http://support.apple.com/kb/HT5501

Vendor URL:  support.apple.com/kb/HT5501
Cause:   Access control error, Boundary error, Input validation error

Message History:   None.
