BandaAncha.eu

Community of fiber, mobile and ADSL users

MAC OS X v10.6.7 is a @#~%. APPLE fixes 57 extremely serious vulnerabilities in the operating system Apple patches

BocaDePez


Apple patches Pwn2Own flaw in massive Mac OS X update

Some examples of the more serious vulnerabilities:

AppleScript: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.

ATS: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution; Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

CoreText: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

ImageIO: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution; An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution; A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

Installer: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple.

QuickLook: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.

QuickTime: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution; An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution; A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution.


I still remember the words of a famous hacker, hired by a security suite, commenting that he used a MAC, and ran Windows virtualized on top of the official OS, with security packages running in Windows... he argued that the Apple platform was COMPLETELY insecure.

The evidence has proven him right: it's not that there were no holes, it's that they didn't even notice...

more info:

BocaDePez

important update:

and it closes multiple holes that could be used to carry out remote code attacks through corrupted font files or images.

The patches also close the holes detected in Apple OS applications such as CoreText, ImageIO, QuickTime, QuickLook, as well as in the Installer and in AppleScript.

No small matter.