TITLE: Mac OS X Multiple Potential Vulnerabilities SECUNIA ADVISORY ID: SA19686 VERIFY ADVISORY: http://secunia.com/advisories/19686/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Tom Ferris has reported some potential vulnerabilities in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. 1) An error exists in the "BOMStackPop()" function in the BOMArchiveHelper when decompressing malformed ZIP archives. 2) Some errors exists in the "KWQListIteratorImpl()", "drawText()", and "objc_msgSend_rtp()" functions in Safari when processing malformed HTML tags. 3) An error exists in the "ReadBMP()" function when processing malformed BMP images and can be exploited via e.g. Safari or the Preview application. 4) An error exists in the "CFAllocatorAllocate()" function when processing malformed GIF images and can be exploited via e.g. Safari when a user visits a malicious web site. 5) Two errors exists in the " _cg_TIFFSetField ()" and "PredictorVSetField()" functions when processing malformed TIFF images and can be exploited via e.g. the Preview, Finder, QuickTime, or Safari applications. The vulnerabilities have been reported in version 10.4.6. Other versions may also be affected. SOLUTION: Do not visit untrusted web sites, and do not open ZIP archives or images originating from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Tom Ferris ORIGINAL ADVISORY: Tom Ferris: http://www.security-protocols.com/sp-x25-advisory.php http://www.security-protocols.com/sp-x26-advisory.php http://www.security-protocols.com/sp-x27-advisory.php http://www.security-protocols.com/sp-x28-advisory.php http://www.security-protocols.com/sp-x29-advisory.php http://www.security-protocols.com/sp-x30-advisory.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------