Free Republic
Browse · Search
General/Chat
Topics · Post Article


Apple releases Mac OS X Security Update 2010-001
Mac Daily News | 01/19/2010

Posted on 01/19/2010 7:53:08 PM PST by Swordmaker

Apple today released Security Update 2010-001, which is recommended for all users and improves the security of Mac OS X.

Security Update 2010-001 is available for various versions of Mac OS X via Software Update and also via standalone installers.

More info and download links:
Security Update 2010-001 (Snow Leopard) - 21.90 MB
Security Update 2010-001 Client (Leopard) - 159.58 MB
Security Update 2010-001 Server (Leopard) - 248.11 MB



TOPICS: Business/Economy; Computers/Internet
KEYWORDS: ilovebillgates; iwanthim; iwanthimbad; microsoftfanboys
OS X Leopard Client and Server, and Snow Leopard users can merely click on the Black Apple menu and select "Software Update..." and follow the prompts to update.
1 posted on 01/19/2010 7:53:10 PM PST by Swordmaker

To: ~Kim4VRWC's~; 1234; 50mm; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
Time to download and install the latest Apple OS X security updates for Leopard and Snow Leopard. PING!


Mac OSX.5 and OSX.6 Security Update Ping!

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 01/19/2010 7:55:31 PM PST by Swordmaker (Remember, the proper pronunciation of IE isAAAAIIIIIEEEEEEE!)

To: All

About Security Update 2010-001

  • Last Modified: January 19, 2010
  • Article: HT4004

Summary

This document describes Security Update 2010-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

Product Security, Mac OS X 10.5, Mac OS X 10.6

Security Update 2010-001

  • CoreAudio

    CVE-ID: CVE-2010-0036

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.

  • CUPS

    CVE-ID: CVE-2009-3553

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: A remote attacker may cause an unexpected application termination of cupsd

    Description: A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.

  • Flash Player plug-in

    CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html Credit to an anonymous researcher and Damian Put working with TippingPoint's Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).

  • ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.

  • Image RAW

    CVE-ID: CVE-2010-0037

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Jason Carr of Carnegie Mellon University Computing Services for reporting this issue.

  • OpenSSL

    CVE-ID: CVE-2009-3555

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

    Description: A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.


3 posted on 01/19/2010 8:00:12 PM PST by Swordmaker (Remember, the proper pronunciation of IE isAAAAIIIIIEEEEEEE!)
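
Added example, not part of the original post or of Apple's advisory: a small triage parser that reads the advisory's per-component entries and reports which CVEs apply to a given platform, which surfaces the scoping detail that the ImageIO fix is listed for v10.5.8 only. The function names are hypothetical, and the embedded text is abridged from the advisory above (component, CVE-ID and "Available for" lines only).

```python
import re

# Abridged from the advisory text above; Impact/Description lines omitted.
ADVISORY = """\
• CoreAudio
CVE-ID: CVE-2010-0036
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
• CUPS
CVE-ID: CVE-2009-3553
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
• Flash Player plug-in
CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
• ImageIO
CVE-ID: CVE-2009-2285
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
• Image RAW
CVE-ID: CVE-2010-0037
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
• OpenSSL
CVE-ID: CVE-2009-3555
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
"""

def parse_advisory(text):
    """Return one dict per bulleted entry: component, cves, platforms."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            entries.append({"component": line.lstrip("• ").strip(),
                            "cves": [], "platforms": []})
        elif line.startswith("CVE-ID:") and entries:
            # "CVE-ID" itself does not match: the pattern needs a 4-digit year.
            entries[-1]["cves"] = re.findall(r"CVE-\d{4}-\d{4,}", line)
        elif line.startswith("Available for:") and entries:
            listed = line.split(":", 1)[1].split(",")
            entries[-1]["platforms"] = [p.strip() for p in listed]
    return entries

def applicable(entries, platform):
    """Map component -> CVEs for entries listing `platform` exactly,
    so client and Server builds are never conflated."""
    return {e["component"]: e["cves"]
            for e in entries if platform in e["platforms"]}

if __name__ == "__main__":
    parsed = parse_advisory(ADVISORY)
    for host in ("Mac OS X v10.5.8", "Mac OS X v10.6.2"):
        fixes = applicable(parsed, host)
        print(host, sum(len(c) for c in fixes.values()), "CVEs:", sorted(fixes))
```
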

To: Swordmaker

Installed on Macbook and Mini without issue :)


4 posted on 01/19/2010 8:00:18 PM PST by TheStickman

To: Swordmaker

Thanks for the note!


5 posted on 01/19/2010 9:24:06 PM PST by Jet Jaguar

To: Swordmaker

MacBook, iMac updated... tx


6 posted on 01/20/2010 5:06:49 AM PST by WVKayaker ( Nothing is so good as it seems beforehand. -George Eliot)

To: Swordmaker

Thank you Swordmaker!


7 posted on 01/20/2010 8:42:45 AM PST by vox_freedom (America is being tested as never before in its history. May God help us.)

To: TheStickman

Installed on Mac Book Pro (SL 10.6.2) with no issues


8 posted on 01/20/2010 12:52:01 PM PST by grwcfl537 (No M$ products on this network.)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson