MacOSX: New Update

Users of MacOSX please be advised of a new update fix vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

CVE-2010-1752: Update your MacOSX
Basically, the offensive stuff shared with Apple security team, could
allow an attacker to abuse a vulnerability in the CFNetwork library
(stack overflow) on the iPhone devices.

Notice that if you already updated your iPhone with iOS4, our exploits
for this particular vulnerability would not work anymore.
( search for “CVE-2010-1752” here: http://support.apple.com/kb/ht4225 )

But, thanks to our proof of concepts (client-side attacks), it was not
only possible to abuse the iPhone devices, but also any current Mac OS X
( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through
v10.6.4, Mac OS X Server v10.6 through v10.6.4 ).

Hopefully, this week, Apple released many interesting security patches
for Mac OS X, and one of them will allow Mac end users to avoid those
kind of client-side attacks and stack overflows against the CFNetwork
library (which is used by many applications, like Safari).
Read more at http://www.criticalwatch.com

 

Advertisements