J-Security Center

Title: RETIRED: Apple Mac OS X 2009-001 Multiple Security Vulnerabilities

Severity: CRITICAL

Description:

Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-001.

The security update addresses new vulnerabilities that affect the AFP server, movie playing, Resource Manager, Certificate Assistant, CoreText, 'dscl', Folder Manager, FSEvents, csregprinter, Remote Apple Event Viewer, Safari, Xterm, and SMB components of Mac OS X. The advisory also contains security updates for 32 previously reported issues.

NOTE: The new issues have been covered in the following BIDs to better document them:

33806 Apple Mac OS X Pixlet Video Handling Remote Code Execution Vulnerability
33820 Apple Mac OS X Insecure Downloads Folder Permissions Information Disclosure Vulnerability
33815 Apple Mac OS X 'dscl' Local Information Disclosure Vulnerability
33816 Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure Vulnerability
33814 Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security Vulnerability
33813 Apple Mac OS X Server Manager Authentication Bypass Security Vulnerability
33812 Apple Mac OS X AFP Server Remote Denial of Service Vulnerability
33810 Apple Mac OS X Certificate Assistant Insecure Temporary File Creation Vulnerability
33811 Apple Mac OS X 'csregprinter' Local Privilege Escalation Vulnerability
33808 Apple Mac OS X Resource Manager Remote Code Execution Vulnerability
33809 Apple Mac OS X CoreText Unicode String Handling Heap Based Buffer Overflow Vulnerability
33800 Apple Mac OS X SMB Component Unspecified Buffer Overflow Vulnerability
33798 Apple Mac OS X Xterm Local Privilege Escalation Vulnerability
33796 Apple Mac OS X SMB File System Remote Denial Of Service Vulnerability
33234 Apple Safari 'feed:' URI Multiple Input Validation Vulnerabilities
33821 Apple Mac OS X 'FSEvents' Local Information Disclosure Vulnerability

Affected Products:

  • Apple Mac OS X 10.4.0
  • Apple Mac OS X 10.4.1
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X 10.4.3
  • Apple Mac OS X 10.4.4
  • Apple Mac OS X 10.4.5
  • Apple Mac OS X 10.4.6
  • Apple Mac OS X 10.4.7
  • Apple Mac OS X 10.4.8
  • Apple Mac OS X 10.4.9
  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X 10.5.2
  • Apple Mac OS X 10.5.3
  • Apple Mac OS X 10.5.4
  • Apple Mac OS X 10.5.5
  • Apple Mac OS X 10.5.6
  • Apple Mac OS X Server 10.4.0
  • Apple Mac OS X Server 10.4.1
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.4.2
  • Apple Mac OS X Server 10.4.3
  • Apple Mac OS X Server 10.4.4
  • Apple Mac OS X Server 10.4.5
  • Apple Mac OS X Server 10.4.6
  • Apple Mac OS X Server 10.4.7
  • Apple Mac OS X Server 10.4.8
  • Apple Mac OS X Server 10.4.9
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.1
  • Apple Mac OS X Server 10.5.2
  • Apple Mac OS X Server 10.5.3
  • Apple Mac OS X Server 10.5.4
  • Apple Mac OS X Server 10.5.5
  • Apple Mac OS X Server 10.5.6
