Select Page

Pile of Patches for Leopard and Tiger

by | Dec 17, 2007 | 0 comments

Apple just released a big old pile of patches for the security-burdened Leopard and Tiger operating systems. Among the addressed problems:

 

  • Address Book
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • CFNetwork
    Impact: Visiting a malicious website could allow the automatic download of files to arbitrary folders to which the user has write permission
  • Core Foundation
    Impact: Usage of CFURLWriteDataAndPropertiesToResource API may lead to the disclosure of sensitive information
  • Desktop Services
    Impact: Opening a directory containing a maliciously-crafted .DS_Store file in Finder may lead to arbitrary code execution

  • Flash Player Plug-in
    Description: Adobe Flash Player is updated to version 9.0.115.0 to address CVE-2007-5476.
    Further information is available via the Adobe site at http://www.adobe.com/support/security/advisories/apsa07-05.html
    Credit to Opera

  • GNU Tar
    Impact: Extracting a maliciously crafted tar archive could overwrite arbitrary files
  • iChat
    Impact: A person on the local network may initiate a video connection without the user’s approval
  • IO Storage Family
    Impact: Opening a maliciously crafted disk image may lead to an unexpected system shutdown or arbitrary code execution
  • Launch Services
    Impact: Opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
    Impact: Opening an executable mail attachment may lead to arbitrary code execution with no warning
  • Mail
    Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
  • Quick Look
    Impact: Previewing a file with QuickLook enabled may lead to the disclosure of sensitive information
    Impact: Previewing a movie file may access URLs contained in the movie
  • Safari
    Impact: Visiting a malicious website may result in the disclosure of sensitive information
  • Safari RSS
    Impact: Accessing a maliciously crafted feed: URL may lead to an application termination or arbitrary code execution
  • Samba
    Impact: Multiple vulnerabilities in Samba
  • Shockwave Plug-in
    Impact: Opening maliciously crafted Shockwave content may lead to arbitrary code execution
  • SMB
    Impact: A local user may be able to execute arbitrary code with system privileges
  • Software Update
    Impact: A man-in-the-middle attack could cause Software Update to execute arbitrary commands
  • Spin Tracer
    Impact: A local user may be able to execute arbitrary code with system privileges
  • Spotlight
    Impact: Downloading a maliciously crafted .xls file may lead to an unexpected application termination or arbitrary code execution

Get a look at Apple’s full descriptions of issues and fixes at their site: Security Update 2007-009

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Divi WordPress Theme

Apple 2023 MacBook Pro Laptop M2 Pro chip with 10‑core CPU and 16‑core GPU: 14.2-inch Liquid Retina XDR Display, 16GB Unified Memory, 512GB SSD Storage. Works with iPhone/iPad; Space Gray
$1,934.93
Apple 2022 MacBook Pro Laptop with M2 chip: 13-inch Retina Display, 8GB RAM, 256GB ​​​​​​​SSD ​​​​​​​Storage, Touch Bar, Backlit Keyboard, FaceTime HD Camera. Works with iPhone and iPad; Space Gray
Available for Amazon Prime 15% Off $1,299.00 $1,099.00
Apple 2020 MacBook Air Laptop M1 Chip, 13" Retina Display, 8GB RAM, 256GB SSD Storage, Backlit Keyboard, FaceTime HD Camera, Touch ID. Works with iPhone/iPad; Silver
Available for Amazon Prime 19% Off $999.00 $799.99

Available for Amazon Prime