68 Fixes In Apple Update 10.5.3 and Apple Security Update 2008-003
More than three months after it last update for Mac OS X, Apple released an update with numerous stability, compatibility and security fixes. Mac OS X 10.5.3, the third upgrade to Leopard since Apple launched the current in October 2007, addresses issues in several components and bundled applications. Some of these are updates for Apple and others are updates to the Open Source packages that Apple provides in it’s Operating System. Apple did not include patches for two of three iCal vulnerabilities that were made public a week ago.
Updates to the following security related modules were made:
AFP Server — Files that are not designated for sharing may be accessed remotely.
Apache — Multiple vulnerabilities in Apache 2.0.55, including cross-site scripting. Apache is updated to version 2.0.63 to address several vulnerabilities.
AppKit — Maliciously crafted file, unexpected application termination, arbitrary code execution.
Apple Pixlet Video — Vulnerability to unexpected application termination, arbitrary code execution.
ATS — Vulnerability to arbitrary code execution.
CFNetwork — Vulnerability leading to disclosure of sensitive information.
CoreFoundation — Vulnerability leading to unexpected application termination or arbitrary code execution.
CoreGraphics — Vulnerability that may lead to an unexpected application termination or arbitrary code execution.
CoreTypes — Lack of prompting against opening “certain potentially unsafe content types” in Automator, Help, Safari, and Terminal.
CUPS — Information disclosure.
Flash Player Plug-in — Arbitrary code execution, Updating to version 9.0.124.0.
Help Viewer — Vulnerability to application termination or arbitrary code execution.
iCal — Vulnerability to unexpected application termination or arbitrary code execution.
International Components for Unicode — Disclosure of sensitive information.
Image Capture — Path traversal vulnerability.
ImageIO — Out-of-bounds memory read leading to information disclosure, Multiple vulnerabilities in libpng version 1.2.18, and Vulnerability to unexpected application termination or arbitrary code execution.
Kernel — Remote vulnerability to unexpected system shutdown due to undetected failure condition and Local user vulnerability to unexpected system shutdown due to mishandling of code signatures.
LoginWindow — Race condition preventing MCX preferences being applied.
Mail — IPv6 vulnerability leading to unexpected application termination, information disclosure, or arbitrary code execution.
ruby — Remote vulnerability, updated to version 1.1.4.
Single Sign-On — Password disclosure in sso_util.
Wiki Server — Remote vulnerability to information disclosure.
Mac OS X 10.5.3 can be downloaded manually from the Apple site, or retrieved and installed using Mac OS X’s integrated update feature.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.