Description: Multiple Vulnerabilities have been identified in Apple Mac OS X in several of its components. Specially crafted input or data handled by one of these components could trigger vulnerability, leading to a variety of exploitable conditions. ...
(b) There is a memory corruption error in Resource Manager, in its handling of resource forks. ...
(e) There is an integer overflow error in Core Graphics, in the way it processes PDF files.
(f) There is a heap overflow error in CoreGraphics caused by drawing of long text strings. ...
(i) Multiple vulnerabilities have been identified in the Adobe Flash Player plug-in. Some of these vulnerabilities might lead to remote code execution. ...
(k) There is a design issue in Launch Services, which may cause an unsafe file to be opened automatically.
(l) There is a design issue in Launch Services as a result of which there is no warning displayed while attempting to open a downloaded content that's unsafe.
(m) There is an implementation issue in MySQL that might lead to escalation of privilege.

Yikes. I'd think that any Black Hat worth his salt would be able to craft a poisoned PDF or Flash (think YouTube) file that would silently download and run, and maybe escalate its privilege. Sound familiar?
So Mac users want to take a quick visit over to Apple for a heapin' helpin' of security. Srlsy.