Tech Talk

[Apple 2011-003 Security Update]

FYI...

Apple 2011-003 Security Update
- http://support.apple.com/kb/DL1387
May 31, 2011
File Size: 2.36 MB

Mac OS X Snow Leopard and malware detection
- http://support.apple.com/kb/HT4651
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Product Security

- http://krebsonsecurity.com/2011/05/apple-update-targets-mac-malware/
May 31, 2011
___

- http://blog.trendmicro.com/what%E2%80%99s-in-apple-security-update-2011-03/
June 6, 2011 - "... the Apple solution may have probably worked better if only they had encrypted the search strings. Unfortunately, all the bad guys had to do to circumvent this latest “security update” is change the strings and locations and once again continue to affect Mac users. In fact, we tested if a Mac patched with the security update can detect a malware found in February (OSX_MUSMINIM.A), and found that it is -not- covered. Considering the weaknesses of Apple’s current strategy against malware, we recommend users to exercise extreme caution."

 

[Apple 2011-004 Security Update]

FYI...

Apple 2011-004 Security Update
- http://support.apple.com/kb/HT4723
June 23, 2011 - Affected: Mac OS X 10.6, Product Security

- http://isc.sans.edu/diary.html?storyid=11092
Last Updated: 2011-06-23 20:57:37 UTC

- http://secunia.com/advisories/45054/
Release Date: 2011-06-24
Criticality level: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.6.8 or apply Security Update 2011-004.
Original Advisory: Apple Security Update 2011-004:
http://support.apple.com/kb/HT4723

- http://h-online.com/-1267147
24 June 2011 - "... plugs a total of 39 security holes... "
Also - Leopard:
> http://support.apple.com/kb/DL1404 - Client
> http://support.apple.com/kb/DL1405 - Server
June 23, 2011

 

[Apple Java security updates]

FYI...

Apple Java security updates

Java for Mac OS X 10.5 Update 10
- http://support.apple.com/kb/HT4739
June 28, 2011

Java for Mac OS X 10.6 Update 5
- http://support.apple.com/kb/HT4738
June 28, 2011

- http://support.apple.com/kb/HT1222
___

- http://secunia.com/advisories/45084/
Release Date: 2011-06-29
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote 
CVE Reference(s): CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863,
CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869,
CVE-2011-0871, CVE-2011-0873
Solution: Apply updates.
Original Advisory:
http://support.apple.com/kb/HT4738
http://support.apple.com/kb/HT4739

 

[Safari v5.1 and v5.0.6 released]

FYI...

Safari v5.1 and v5.0.6 released...
- http://threatpost.com/en_us/blogs/apples-safari-update-fixes-58-bugs-adds-sandboxing-072011
July 20, 2011 - "... Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. 58 security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included the update that will prevent application termination or arbitrary code execution. The full list of updates can be found at Apple's support site*..."
* http://support.apple.com/kb/HT4808
July 20, 2011

... available via the Apple Software Update application, or Apple's Safari download site at:
- http://www.apple.com/safari/download/
___

- http://www.securitytracker.com/id/1025816
CVE Reference:   CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797
July 20 2011

- http://secunia.com/advisories/45325/
Release Date: 2011-07-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 5.1 or 5.0.6.

Apple patches 58 Safari bugs to deflect drive-by attacks
- https://www.computerworld.com/s/article/9218549/Apple_patches_58_Safari_bugs_to_deflect_drive_by_attacks
July 20, 2011

- http://h-online.com/-1283018
20 July 2011
- http://kb2.adobe.com/cps/908/cpsid_90885.html
2011-07-20 - "Adobe Reader plug-in and Acrobat plug-in are not compatible with the Safari 5.1 browser... As we continue to investigate this, we will be sure to keep you updated... Adobe expects to provide a better workaround for this issue before the end of 2011..."

 

[Mac OS X v10.7 Lion]

FYI...

Mac OS X v10.7 Lion
- https://discussions.apple.com/community/mac_os/mac_os_x_v10.7_lion
July 20, 2011
> http://www.apple.com/macosx/

Tech Specs
- http://www.apple.com/macosx/specs.html

Upgrade requirements
- http://www.apple.com/macosx/how-to-buy/

What's new...
- http://www.apple.com/macosx/whats-new/

New features
- http://www.apple.com/macosx/whats-new/features.html

Incompatible software
- http://support.apple.com/kb/HT3258
___

- http://www.theinquirer.net/inquirer/news/2095471/apple-mac-lion-goes-sale
July 20 2011

- http://isc.sans.edu/diary.html?storyid=11242
Last Updated: 2011-07-21

Lion Security
- http://isc.sans.edu/diary.html?storyid=11245
Last Updated: 2011-07-21

- http://threatpost.com/en_us/blogs/apple-revamps-security-os-x-lion-072111
July 21, 2011

- http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
21 July 2011

 

[QuickTime v7.7 released]

FYI...

QuickTime v7.7 released
- http://support.apple.com/kb/HT4826
August 03, 2011 - "Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later..."

> http://www.apple.com/quicktime/download/
... or update via Apple Software Update.

- http://support.apple.com/kb/DL837
QuickTime 7.7 for Windows

- http://www.securitytracker.com/id/1025884
Aug 3 2011
Version(s): prior to 7.7...
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0245
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0246
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0247
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0248
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0249
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0250
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0251
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0252
Published: 08/04/2011
CVSS Severity: 9.3 (HIGH)

- http://secunia.com/advisories/45516/
Release Date: 2011-08-04
Criticality level: Highly critical
Impact: System access
Where: From remote... 
Solution: Update to version 7.7.

 

[Apple OS X Lion v10.7.1 Update]

FYI...

Apple OS X Lion v10.7.1 Update
- https://support.apple.com/kb/HT4764
August 16, 2011 - "... You should back up your system before installation; you can use Time Machine: http://support.apple.com/kb/HT1427 ..."

- http://support.apple.com/kb/DL1437

- http://support.apple.com/kb/DL1439

- http://support.apple.com/downloads/

 

[Apple Security Update 2011-005]

FYI...

Apple Security Update 2011-005
- https://support.apple.com/kb/HT4920
September 09, 2011
• Certificate Trust Policy
Products Affected: Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion, Product Security

- https://support.apple.com/downloads/

List of available trusted root certificates
- https://support.apple.com/kb/HT4415
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0228
Last revised: 08/30/2011
CVSS v2 Base Score: 7.5 (HIGH)
"... Apple iOS before 4.2.10 and 4.3.x before 4.3.5..."

- https://support.apple.com/downloads/#Apple%20iOS

 

[iTunes v10.5 released]

FYI...

iTunes v10.5 released
* https://support.apple.com/kb/HT4981
October 11, 2011

- https://isc.sans.edu/diary.html?storyid=11782
2011-10-11 18:52:46 UTC - "Apple release iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities* in the windows version of iTunes. Even more interesting is that that list also mentions that  e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And that's a security update** and /or OS update that's not yet released at the time of writing."
** http://support.apple.com/kb/HT1222

- https://krebsonsecurity.com/2011/10/critical-security-updates-from-microsoft-apple/
October 11, 2011 - "... Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes..."
___

- http://www.securitytracker.com/id/1026163
CVE Reference: CVE-2011-0259, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3219, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3238, CVE-2011-3239, CVE-2011-3241, CVE-2011-3244, CVE-2011-3252
Updated: Oct 12 2011
Version(s): prior to 10.5...

- https://secunia.com/advisories/46339/
Release Date: 2011-10-12
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 10.5...

 

[Apple - multiple Security Updates]

FYI...

iOS5 Upgrade -bricked- My iPhone
- https://discussions.apple.com/thread/3374367
Latest reply: Oct 15, 2011

iOS5 update -bricked- my iPod Touch
- http://news.cnet.com/8301-13579_3-20120512-37/ios-5-update-bricked-my-ipod-touch/
October 14, 2011

Macbook boot failed because I had Symantec's PGP software installed...
- https://isc.sans.edu/diary.html?storyid=11797
2011-10-13
___

Apple - multiple Security Updates
- https://www.us-cert.gov/current/#apple_releases_multiple_security_updates
October 12, 2011 - "Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions...
• HT5004 - Numbers for iOS v1.5
- http://support.apple.com/kb/HT5004
• HT5003 - Pages for iOS v1.5
- http://support.apple.com/kb/HT5003
• HT5000 - Safari 5.1.1
- http://support.apple.com/kb/HT5000
• HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
- http://support.apple.com/kb/HT5002
• HT5001 - Apple TV 4.4
- http://support.apple.com/kb/HT5001
• HT4999 - iOS 5 Software Update
- http://support.apple.com/kb/HT4999
___

iOS 5 update closes almost 100 security holes
- http://h-online.com/-1360528
13 October 2011

Mac OS X 10.7.2 and Safari 5.1.1
- http://h-online.com/-1360457
13 October 2011
___

- https://secunia.com/advisories/46417/ - Mac OS X
... Solution: Update to version 10.7.2 or apply Security Update 2011-006.
- https://secunia.com/advisories/46377/ - iOS
... Solution: Apply iOS 5 Software Update.
- https://secunia.com/advisories/46418/ - iOS Office
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46419/ - Numbers for iOS
... Solution: Update to version 1.5 available via the iTunes Store.
- https://secunia.com/advisories/46412/ - Safari
... Solution: Update to version 5.1.1.
- https://secunia.com/advisories/46415/ - Apple TV
... Solution: Update to Apple TV Software version 4.4.
13 Oct, 2011

- http://www.securitytracker.com/id/1026178 - Safari
CVE Reference: CVE-2011-3229, CVE-2011-3230, CVE-2011-3231, CVE-2011-3242, CVE-2011-3243
Date: Oct 12 2011
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network  
Version(s): prior to 5.1.1..

- http://www.securitytracker.com/id/1026180 - Apple iOS
CVE Reference: CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434
Date: Oct 13 2011
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Version(s): prior to 5.0

- http://www.securitytracker.com/id/1026184 - Mac OS X
CVE Reference: CVE-2011-0185, CVE-2011-0224, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0260, CVE-2011-1755, CVE-2011-3212, CVE-2011-3213, CVE-2011-3214, CVE-2011-3215, CVE-2011-3216, CVE-2011-3217, CVE-2011-3218, CVE-2011-3220, CVE-2011-3221, CVE-2011-3224, CVE-2011-3226, CVE-2011-3227, CVE-2011-3228, CVE-2011-3222, CVE-2011-3223, CVE-2011-3225, CVE-2011-3435, CVE-2011-3436, CVE-2011-3437
Date: Oct 13 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network...

//

[QuickTime v7.7.1 released]

FYI...

QuickTime v7.7.1 released
- https://support.apple.com/kb/DL837
October 26, 2011

- https://support.apple.com/kb/HT5016

> http://www.apple.com/quicktime/download/
... or update via Apple Software Update.

- https://secunia.com/advisories/46618/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Solution: Update to version 7.7.1.

- https://www.us-cert.gov/current/#apple_release_quicktime_7_7
October 27, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information..."

- http://h-online.com/-1367500
27 October 2011

 

[Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6]

FYI...

Java for Mac OS X 10.7 Update 1 + Java for Mac OS X 10.6 Update 6
- https://support.apple.com/kb/HT5045
November 08, 2011 - "... Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29...
CVE-IDs: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561 ..."
___

- https://secunia.com/advisories/46774/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information,  DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: http://support.apple.com/kb/HT5045
___

- http://h-online.com/-1375757
9 November 2011

 

[Apple iOS 5.0.1 update]

FYI...

Apple iOS 5.0.1 update
- https://support.apple.com/kb/HT5052
November 10, 2011 - "... can be downloaded and installed using iTunes...
Products Affected: iPhone, iPad, iPod touch, Product Security..."

- https://support.apple.com/kb/DL1472
November 10, 2011

- http://www.theinquirer.net/inquirer/news/2124329/apple-releases-fix-iphone-battery
Nov 11 2011
___

- https://secunia.com/advisories/46747/ || https://secunia.com/advisories/46836/ - iPad 2
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: Spoofing, Exposure of system information, System access
Where: From remote ...
Operating System: Apple iOS 5.x for iPhone 3GS and later, Apple iOS for iPod touch 5.x
Solution: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes)...
Original Advisory: Apple:
http://support.apple.com/kb/HT5052 ...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3440
Last revised: 11/14/2011
CVSS v2 Base Score: 1.2 (LOW)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3246
Last revised: 10/14/2011
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3442
Last revised: 11/14/2011
CVSS v2 Base Score: 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3439
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3441
Last revised: 11/14/2011
CVSS v2 Base Score: 9.3 (HIGH) ...
"... Apple iOS before 5.0.1"

- http://www.securitytracker.com/id/1026311
Updated: Nov 11 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): 5.0 and prior...

   

[Apple iTunes v10.5.1 released]

FYI...

Apple iTunes v10.5.1 released
- http://www.securitytracker.com/id/1026323
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3434
Date: Nov 14 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 10.5.1...

• About the security content of iTunes 10.5.1
- https://support.apple.com/kb/HT5030
November 14, 2011
Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later

• Security updates
- https://support.apple.com/kb/HT1222
Last Modified: November 14, 2011
___

- http://www.theregister.co.uk/2011/11/17/itunes_update_fixes_ghostnet_flaw/
17 November 2011 - "... An FBI press release on the Ghost Click takedown specifically cites iTunes* as an example of how the alleged fraud operated..."
* http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911

- http://www.csoonline.com/article/694069/apple-secures-itunes-update-checking-to-address-man-in-the-middle-vulnerability
November 15, 2011 - "... The vulnerability stems from older iTunes versions use of plain HTTP requests to query Apple's servers for new updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs... This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present..."

- https://www.us-cert.gov/current/index.html#apple_releases_itunes_10_51
November 15, 2011

 

[v1.1]

FYI...

Apple Security Update 2012-001 v1.1
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00002.html
3 Feb 2012 - "Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue. Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001. OS X Lion systems are not affected by this change.
Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/ ..."

- http://www.securitytracker.com/id/1026627
Updated: Feb 4 2012
... [Note: On February 3, 2012, the vendor issued a modified fix (Security Update 2012-001 v1.1) for Mac OS X v10.6.8 that removes the ImageIO patches (CVE-2011-3328) that were causing a compatibility issue.]
___

Apple 2012-001 Security Update - OS X Lion v10.7.3
- https://support.apple.com/kb/HT5130
Feb 01, 2012

OS X Lion v10.7.3 Update
- https://support.apple.com/kb/HT5048
Feb 01, 2012 - "... recommended for all OS X Lion users and includes general operating system fixes that improve the stability, compatibility, and security..."

Server Admin Tools 10.7.3
- https://support.apple.com/kb/HT5050
Feb 01, 2012 - "... advanced administration tools for Lion Server. You can install them on the server or on another Mac and use it for remote administration..."

- https://support.apple.com/kb/HT1222
OS X Lion v10.7.3 and Security Update 2012-001
   Mac OS X v10.6.8, OS X Lion v10.7 to v10.7.2

- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
1 Feb 2012

- https://www.apple.com/support/
___

- http://h-online.com/-1426962
2 February 2012 - "... the updates close more than 50 holes..."

- http://www.securitytracker.com/id/1026627
Updated: Feb 4 2012
... [Editor's note: On February 3, 2012, the vendor issued a modified fix (Security Update 2012-001 v1.1) for Mac OS X v10.6.8 that removes the ImageIO patches (CVE-2011-3328) that were causing a compatibility issue.]
CVE Reference: CVE-2011-2937, CVE-2011-3328, CVE-2011-3444, CVE-2011-3447, CVE-2011-3448, CVE-2011-3449, CVE-2011-3450, CVE-2011-3452, CVE-2011-3453, CVE-2011-3457, CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2011-3462, CVE-2011-3463
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, Root access via local system, User access via network
Version(s): prior to 10.7.3

- https://secunia.com/advisories/47843/
Release Date: 2012-02-03
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to OS X Lion version 10.7.3 or apply Security Update 2012-001.