Mac OS X Updated to v10.6.4
Apple has released a security update for the Mac OS X operating system.
Mac OS X v10.6.4 can be downloaded and installed via Software Update preferences, or from Apple Downloads. The patch is available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, and Mac OS X Server v10.6 through v10.6.3.
The security update patches many issues including:
- CUPS: Visiting a maliciously crafted website while logged into the CUPS web interface as an administrator may allow CUPS settings to be changed
- CUPS: A remote attacker may cause an unexpected application termination of cupsd
- CUPS: An attacker with access to the CUPS web interface may be able to read a limited amount of memory from the cupsd process
- DesktopServices: A Finder operation may result in files or folders with unexpected permissions
- Flash Player plug-in: Multiple vulnerabilities in Adobe Flash Player plug-in
- Folder Manager: Unmounting a maliciously crafted disk image or remote share may lead to data loss
- Help Viewer: Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain
- iChat: A remote user may upload files to arbitrary locations on the filesystem of a user currently using AIM in iChat
- ImageIO: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
- ImageIO: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Kerberos: An unauthenticated remote user may cause an unexpected termination of the KDC process, or arbitrary code execution
- Kerberos: A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution
- Kerberos: An unauthenticated remote user may cause an unexpected termination of the KDC process
- libcurl: Using libcurl to download files from a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- libcurl: A local user may obtain system privileges
- Network Authorization: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Network Authorization: A man-in-the-middle attacker may be able to impersonate a network account server
- Open Directory: Network devices may disable printing in certain applications
- Printer Setup: A user with access to the printer may cause an unexpected application termination or arbitrary code execution
- Ruby: A remote attacker may gain access to accounts served by Ruby WEBrick
- SMB File Server: A remote user may obtain unauthorized access to arbitrary files
- SquirrelMail: Multiple vulnerabilities in SquirrelMail
- Wiki Server: Viewing maliciously crafted Wiki content may result in a cross-site scripting attack