Apple has released critical security updates for OS X and Safari to address several vulnerabilities.
Successful exploitation of the vulnerabilities could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service (DoS).
According to US-CERT, the update releases include fixes for the following products:
- Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later
- OS X Lion v10.7.4 and Security Update 2012-002 for OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3, Mac OS X v10.6.8, Mac OS X Server v10.6.8
For further details on the vulnerabilities, available updates and other mitigations, Apple published the following articles:
- OS X Lion v10.7.4 and Security Update 2012-002: HT5281
- Safari 5.1.7: HT5282