Apple Releases 10.6.2 and Security Update 2009-006

November 9th, 2009 by dreamsburnred

Phew, today is one heck of an update day for Mac users!

Update screen for the update. Image Credit: Engadget.

10.6.2 bug fixes:

  • an issue that might cause your system to logout unexpectedly
  • a graphics distortion in Safari Top Sites
  • Spotlight search results not showing Exchange contacts
  • a problem that prevented authenticating as an administrative user
  • issues when using NTFS and WebDAV file servers
  • the reliability of menu extras
  • an issue with the 4-finger swipe gesture
  • an issue that causes Mail to quit unexpectedly when setting up an Exchange server
  • Address Book becoming unresponsive when editing
  • a problem adding images to contacts in Address Book
  • an issue that prevented opening files downloaded from the Internet
  • Safari plug-in reliability
  • general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
  • an issue that caused data to be deleted when using a guest account

Security Update 2009-006:

  • AFP: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
  • Adaptive Firewall: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
  • Apache is updated to version 2.2.13
  • Apache: A remote attacker can conduct cross-site scripting attacks against Apache web server
  • APR: Applications using Apache Portable Runtime (apr) may be exploited for code execution
  • ATS: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Certificate Assistant: A user may be misled into accepting a certificate for a different domain
  • Core Graphics: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Core Media: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2)
  • CUPS: Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
  • Dictionary: A user on the local network may be able to cause arbitrary code execution
  • Directory Service: A remote attacker may cause an unexpected application termination or arbitrary code execution
  • Disk Images: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
  • Dovecot: A local user may cause an unexpected application termination or arbitrary code execution with system privileges
  • Event Monitor: A remote attacker may cause log injection
  • Fetchmail: fetchmail is updated to 6.3.11
  • File: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
  • FTP Server: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
  • Help Viewer: Using Help Viewer on an untrusted network may result in arbitrary code execution
  • ImageIO: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • International Components for Unicode: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
  • IOKit: A non-privileged user may be able to modify the keyboard firmware
  • IPSec: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
  • Kernel: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
  • Launch Services: Attempting to open unsafe downloaded content may not lead to a warning
  • Libsecurity: Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
  • Libxml: Parsing maliciously crafted XML content may lead to an unexpected application termination
  • Login Window: A user may log in to any account without supplying a password
  • OpenLDAP: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used; multiple vulnerabilities in OpenLDAP
  • OpenSSH: Data in an OpenSSH session may be disclosed
  • PHP: Updated to 5.2.11
  • Quick Draw Manager: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  • Quicklook: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
  • QuickTime: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution (2); opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution; viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
  • FreeRADIUS: A remote attacker may terminate the operation of the RADIUS service
  • Screen Sharing: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
  • Spotlight: A local user may manipulate files with the privileges of another user
  • Subversion: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution

Phew! So update ASAP!
