Apple Mac OS X Multiple Security Vulnerabilities

Multiple security vulnerabilities were reported in Mac OS X. A security update has been released to address these issues and provide other enhancements. The following issues were reported:

LaunchServices is reported prone to a vulnerability in which it automatically registers applications. An attacker may reportedly exploit this issue to register and run malicious applications.

DiskImageMounter is reported prone to a vulnerability where the disk:// URI handler may be used to mount an anonymous remote file system. This attack can be achieved using the HTTP protocol. A remote attacker may exploit this vulnerability to write to the local disk.

Safari is reported prone to an unspecified vulnerability in which the Safari "Show in Finder" button, when invoked, attempts to execute certain files instead of revealing them in a Finder window. An attacker may potentially exploit this condition to automatically execute files on the file system (including downloaded files). This could lead to privilege escalation or remote compromise.

Some of these issues may already be described in previous BIDs. This BID will be split up into unique BIDs when further analysis of this update is complete.


Copyright 2010, SecurityFocus