Phew, today is one heck of an update day for Mac users!
10.6.2 bug fixes:
- an issue that might cause your system to logout unexpectedly
- a graphics distortion in Safari Top Sites
- Spotlight search results not showing Exchange contacts
- a problem that prevented authenticating as an administrative user
- issues when using NTFS and WebDAV file servers
- the reliability of menu extras
- an issue with the 4-finger swipe gesture
- an issue that causes Mail to quit unexpectedly when setting up an Exchange server
- Address Book becoming unresponsive when editing
- a problem adding images to contacts in Address Book
- an issue that prevented opening files downloaded from the Internet
- Safari plug-in reliability
- general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
- an issue that caused data to be deleted when using a guest account
Security Update 2009-006:
- AFP: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
- Adaptive Firewall: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
- Apache is updated to version 2.2.13
- Apache: A remote attacker can conduct cross-site scripting attacks against Apache web server
- APR: Applications using Apache Portable Runtime (apr) may be exploited for code execution
- ATS: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Certificate Assistant: A user may be misled into accepting a certificate for a different domain
- Core Graphics: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Core Media: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2)
- CUPS: Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
- Dictionary: A user on the local network may be able to cause arbitrary code execution
- Directory Service: A remote attacker may cause an unexpected application termination or arbitrary code execution
- Disk Images: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
- Dovecot: A local user may cause an unexpected application termination or arbitrary code execution with system privileges
- Event Monitor: A remote attacker may cause log injection
- Fetchmail: fetchmail is updated to 6.3.11
- File: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
- FTP Server: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
- Help Viewer: Using Help Viewer on an untrusted network may result in arbitrary code execution
- ImageIO: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
- International Components for Unicode: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
- IOKit: A non-privileged user may be able to modify the keyboard firmware
- IPSec: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
- Kernel: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
- Launch Services: Attempting to open unsafe downloaded content may not lead to a warning
- Libsecurity: Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
- Libxml: Parsing maliciously crafted XML content may lead to an unexpected application termination
- Login Window: A user may log in to any account without supplying a password
- OpenLDAP: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used, Multiple vulnerabilities in OpenLDAP
- OpenSSH: Data in an OpenSSH session may be disclosed
- PHP: Updated to 5.2.11
- Quick Draw Manager: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
- Quicklook: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
- Quicktime: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2), Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution, Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
- FreeRADIUS: A remote attacker may terminate the operation of the RADIUS service
- Screen Sharing: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
- Spotlight: A local user may manipulate files with the privileges of another user
- Subversion: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution
Phew! So update ASAP!
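If you want to check a Snow Leopard box before you hit Software Update, here is a small POSIX sh script I put together for this post (it is not Apple's code and not part of the release notes). It compares the installed version from `sw_vers` against 10.6.2 and greps the output of `softwareupdate -l` for the 10.6.2 update or Security Update 2009-006. `sw_vers` and `softwareupdate` are the stock Mac OS X command-line tools; the function names `version_ge` and `snow_leopard_needs_10_6_2` are my own.

```shell
#!/bin/sh
# Added example, not from the original post: check whether a Snow Leopard
# machine is already at 10.6.2 (which carries Security Update 2009-006).
# The comparison logic is plain POSIX sh so it can be exercised on any system;
# the sw_vers / softwareupdate calls only run on a real Mac.

# version_ge A B -> exit status 0 when dotted version A >= B, comparing each
# numeric component in turn (missing components count as 0, so 10.6 < 10.6.2).
version_ge() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        [ "$a" = "$ax" ] && a="" || a="${a#*.}"
        [ "$b" = "$bx" ] && b="" || b="${b#*.}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
    done
    return 0
}

# snow_leopard_needs_10_6_2 VERSION -> prints "current" if VERSION is a 10.6.x
# release at or past 10.6.2, "update" if it is an earlier 10.6.x, and "other"
# for anything that is not Snow Leopard (Leopard gets 2009-006 as a separate
# installer, so the version number alone says nothing there).
snow_leopard_needs_10_6_2() {
    case "$1" in
        10.6|10.6.*)
            if version_ge "$1" 10.6.2; then echo "current"; else echo "update"; fi
            ;;
        *)
            echo "other"
            ;;
    esac
}

# Only consult the real tools when they exist (i.e. on a Mac).
if [ -x /usr/bin/sw_vers ]; then
    installed=$(/usr/bin/sw_vers -productVersion)
    echo "Installed: $installed -> $(snow_leopard_needs_10_6_2 "$installed")"
    # softwareupdate -l needs network access; it lists pending updates by name.
    /usr/bin/softwareupdate -l 2>/dev/null | grep -iE '10\.6\.2|2009-006' \
        || echo "No 10.6.2 / 2009-006 update listed by softwareupdate"
fi
```

Run it as a normal user; `softwareupdate -l` only lists updates, it does not install anything, so there is no harm in running it before you decide to apply the update.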