RETIRED: Apple Mac OS X 2009-002 Multiple Security Vulnerabilities

Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-002.

The security update addresses new vulnerabilities that affect Apple Type Services, CFNetwork, CoreGraphics, Disk Images, Help Viewer, iChat, ICU, Kernel, Launch Services, QuickDraw Manager, and Spotlight components of Mac OS X. The advisory also contains security updates for 47 previously reported issues.

The following individual records have been created to better document the new issues:

34932 Apple Mac OS X Launch Services Denial of Service Vulnerability
34937 Apple Mac OS X QuickDraw PICT Handling Memory Corruption Vulnerability
34938 Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
34939 Apple Mac OS X SpotLight Multiple Memory Corruption Vulnerabilities
34941 Apple Mac OS X Local 'login' Privilege Escalation Vulnerability
34942 Apple Mac OS X Disk Image Multiple Memory Corruption Vulnerabilities
34947 Apple Mac OS X Compact Font Format (CFF) Heap Based Buffer Overflow Vulnerability
34948 Apple Mac OS X Telnet Stack Overflow Vulnerability
34950 Apple Mac OS X Help Viewer Cascading Style Sheets Remote Code Execution Vulnerability
34951 Apple Mac OS X CFNetwork 'Set-Cookie' Headers Information Disclosure Vulnerability
34952 Apple Mac OS X Help Viewer HTML Document Remote Code Execution Vulnerability
34958 Apple Mac OS X CFNetwork HTTP Header Handling Heap Buffer Overflow Vulnerability
34959 Apple Mac OS X Kernel Workqueue Local Privilege Escalation Vulnerability
34962 Apple Mac OS X CoreGraphics PDF Handling Multiple Memory Corruption Vulnerabilities
34965 Apple Mac OS X CoreGraphics PDF Handling Heap Overflow Vulnerability
34972 Apple Mac OS X Disk Image Stack Buffer Overflow Vulnerability
34973 Apple Mac OS X iChat Disabled SSL Connection Information Disclosure Vulnerability
34974 Apple Mac OS X International Components for Unicode Invalid Byte Sequence Handling Vulnerability


Privacy Statement
Copyright 2010, SecurityFocus