RETIRED: Apple Mac OS X 2009-001 Multiple Security Vulnerabilities

Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-001.

The security update addresses new vulnerabilities that affect the AFP server, movie playing, Resource Manager, Certificate Assistant, CoreText, 'dscl', Folder Manager, FSEvents, csregprinter, Remote Apple Event Viewer, Safari, Xterm, and SMB components of Mac OS X. The advisory also contains security updates for 32 previously reported issues.

NOTE: The new issues have been covered in the following BIDs to better document them:

33806 Apple Mac OS X Pixlet Video Handling Remote Code Execution Vulnerability
33820 Apple Mac OS X Insecure Downloads Folder Permissions Information Disclosure Vulnerability
33815 Apple Mac OS X 'dscl' Local Information Disclosure Vulnerability
33816 Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure Vulnerability
33814 Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security Vulnerability
33813 Apple Mac OS X Server Manager Authentication Bypass Security Vulnerability
33812 Apple Mac OS X AFP Server Remote Denial of Service Vulnerability
33810 Apple Mac OS X Certificate Assistant Insecure Temporary File Creation Vulnerability
33811 Apple Mac OS X 'csregprinter' Local Privilege Escalation Vulnerability
33808 Apple Mac OS X Resource Manager Remote Code Execution Vulnerability
33809 Apple Mac OS X CoreText Unicode String Handling Heap Based Buffer Overflow Vulnerability
33800 Apple Mac OS X SMB Component Unspecified Buffer Overflow Vulnerability
33798 Apple Mac OS X Xterm Local Privilege Escalation Vulnerability
33796 Apple Mac OS X SMB File System Remote Denial Of Service Vulnerability
33234 Apple Safari 'feed:' URI Multiple Input Validation Vulnerabilities
33821 Apple Mac OS X 'FSEvents' Local Information Disclosure Vulnerability


Copyright 2010, SecurityFocus