Apple Releases Multiple OS X Lion Security Updates

Friday, February 03, 2012

Apple has released security updates for OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS X 10.6.8, and Mac OS X Server v10.6.8 to address multiple vulnerabilities.

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.

US-CERT encourages users and administrators to review Apple Support Article HT5130 and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2011-3449 can be found in US-CERT Vulnerability Note VU#410281:

  • Overview: Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
  • Description: Apple Mac OS X CoreText is a text layout and font processing engine that is used to handle embedded fonts. CoreText contains a use-after-free vulnerability that can allow arbitrary code execution.
  • Impact: By convincing a user to open a document with a specially-crafted embedded font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

Additional information regarding CVE-2011-3446 can be found in US-CERT Vulnerability Note VU#403593:

  • Overview: Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
  • Description: Apple Mac OS X ATS (Apple Type Services) fails to properly handle malformed data-font (.dfont) files, resulting in memory corruption.
  • Impact: By convincing a user to open a specially-crafted font in Font Book, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
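
Turning the affected-version list above into a check an administrator can run against a Mac's reported version, as an added example that is not part of the US-CERT note or this post (the function names and the check_ht5130.sh file name are assumptions):

```shell
#!/bin/sh
# Added example, not code from the US-CERT note or the Infosec Island post.
# Given a Mac's product version string (what `sw_vers -productVersion` prints),
# report whether it falls inside the version ranges this advisory lists as
# needing the HT5130 updates: OS X Lion / Lion Server 10.7 through 10.7.2 and
# Mac OS X / Mac OS X Server 10.6.8. The version is taken as an argument so
# the check can run (and be tested) on any POSIX sh, not only on a Mac.

# ver_to_num 10.7.2 -> 100702   (major*10000 + minor*100 + patch)
ver_to_num() {
    # split on dots into the function's own positional parameters
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# needs_ht5130 VERSION: returns 0 when VERSION is within the affected ranges
# named in the advisory, 1 otherwise (including malformed input).
needs_ht5130() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # not a dotted numeric version
    esac
    n=$(ver_to_num "$1")
    # Lion and Lion Server: 10.7 through 10.7.2
    if [ "$n" -ge 100700 ] && [ "$n" -le 100702 ]; then
        return 0
    fi
    # Mac OS X and Mac OS X Server: exactly 10.6.8
    if [ "$n" -eq 100608 ]; then
        return 0
    fi
    return 1
}

# Usage on a Mac:  sh check_ht5130.sh "$(sw_vers -productVersion)"
if [ $# -gt 0 ]; then
    if needs_ht5130 "$1"; then
        echo "$1: within the ranges listed for HT5130, apply the update"
    else
        echo "$1: outside the ranges this advisory lists"
    fi
fi
```

Versions newer than 10.7.2 fall outside the ranges the advisory names, so the script only tells you whether a machine is in the listed set, not whether a later release is otherwise current.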

Source: http://www.us-cert.gov/current/index.html#apple_releases_multiple_security_updates1

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.