Apple Releases 10.6.2 and Security Update 2009-006

09 Nov

Phew, today is one heck of an update day for Mac users!

Update screen for the update. Image Credit: Engadget.

10.6.2 bug fixes:

  • an issue that might cause your system to logout unexpectedly
  • a graphics distortion in Safari Top Sites
  • Spotlight search results not showing Exchange contacts
  • a problem that prevented authenticating as an administrative user
  • issues when using NTFS and WebDAV file servers
  • the reliability of menu extras
  • an issue with the 4-finger swipe gesture
  • an issue that causes Mail to quit unexpectedly when setting up an Exchange server
  • Address Book becoming unresponsive when editing
  • a problem adding images to contacts in Address Book
  • an issue that prevented opening files downloaded from the Internet
  • Safari plug-in reliability
  • general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
  • an issue that caused data to be deleted when using a guest account

Security Update 2009-006:

  • AFP: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
  • Adaptive Firewall: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
  • Apache is updated to version 2.2.13
  • Apache: A remote attacker can conduct cross-site scripting attacks against Apache web server
  • APR: Applications using Apache Portable Runtime (apr) may be exploited for code execution
  • ATS: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Certificate Assistant: A user may be misled into accepting a certificate for a different domain
  • Core Graphics: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Core Media: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2)
  • CUPS: Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
  • Dictionary: A user on the local network may be able to cause arbitrary code execution
  • Directory Service: A remote attacker may cause an unexpected application termination or arbitrary code execution
  • Disk Images: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
  • Dovecot: A local user may cause an unexpected application termination or arbitrary code execution with system privileges
  • Event Monitor: A remote attacker may cause log injection
  • Fetchmail: fetchmail is updated to 6.3.11
  • File: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
  • FTP Server: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
  • Help Viewer: Using Help Viewer on an untrusted network may result in arbitrary code execution
  • ImageIO: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • International Components for Unicode: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
  • IOKit: A non-privileged user may be able to modify the keyboard firmware
  • IPSec: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
  • Kernel: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
  • Launch Services: Attempting to open unsafe downloaded content may not lead to a warning
  • Libsecurity: Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
  • Libxml: Parsing maliciously crafted XML content may lead to an unexpected application termination
  • Login Window: A user may log in to any account without supplying a password
  • OpenLDAP: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used; Multiple vulnerabilities in OpenLDAP
  • OpenSSH: Data in an OpenSSH session may be disclosed
  • PHP: Updated to 5.2.11
  • Quick Draw Manager: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  • Quicklook: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
  • QuickTime: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2); Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution; Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
  • FreeRADIUS: A remote attacker may terminate the operation of the RADIUS service
  • Screen Sharing: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
  • Spotlight: A local user may manipulate files with the privileges of another user
  • Subversion: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution

Phew! So update ASAP!
