----------------------------------------------------------------------

TITLE:
Mac OS X Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA15436

VERIFY ADVISORY:
http://secunia.com/advisories/15436/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of system information, DoS

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued an update for Mac OS X, which fixes various
vulnerabilities.

1) An input validation error can be exploited to access arbitrary
files on a Bluetooth-enabled system using directory traversal attacks
via the Bluetooth file and object exchange services.

2) An error can be exploited by malicious web sites to download and
install Dashboard widgets on a user's system via Safari without the
Safe Download Validation warning.

3) A weakness in two system calls allows local users to gain
knowledge of the names of files placed in unsearchable locations
(e.g. files in users' ~/Public/Drop Box).

4) An error in the "nfs_mount()" function due to insufficient input
value checks can be exploited by malicious, local users to cause a
kernel panic.

5) An error can be exploited by malicious people with physical access
to a system to start background applications behind locked
screensaver windows.

The vulnerabilities affect Mac OS X v10.4 and Mac OS X Server v10.4.

SOLUTION:
Apply Mac OS X 10.4.1 Update.
http://www.apple.com/support/downloads/

PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, digitalmunition.com.
3) John M. Glenn

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301630

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------