Mac OS X Security Update

[CrispCreations]

TITLE:

Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:

SA12249

VERIFY ADVISORY:

http://secunia.com/advisories/12249/

CRITICAL:

Highly critical

IMPACT:

Exposure of sensitive information, DoS, System access

WHERE:

From remote

OPERATING SYSTEM:

Apple Macintosh OS X

http://secunia.com/product/96/

SOFTWARE:

Safari 1.x

http://secunia.com/product/1543/

DESCRIPTION:

Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.

1) Multiple vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

For more information:

SA11505

SA12219

2) A vulnerability in the Safari browser can be used by a malicious website to steal sensitive information from forms.

The vulnerability can reportedly only be exploited in the situation of a form being sent with the POST method to an URL, which performs a redirection to another URL.

3) A vulnerability in the processing of network traffic can be exploited by malicious people to cause a DoS.

The vulnerability is exploited by sending a sequence of specially crafted IP fragments. The attack known as the "Rose Attack" will cause the system to use too much system resources resulting in DoS.

SOLUTION:

Apply Security Update 2004-08-09.

Mac OS X 10.3.5:

http://wsidecar.apple.com/cgi-bin/nph-reg3...04-08-09Pan.dmg

Mac OS X 10.2.8:

http://wsidecar.apple.com/cgi-bin/nph-reg3...04-08-09Jag.dmg

OTHER REFERENCES:

SA11505:

http://secunia.com/advisories/11505/

SA12219:

http://secunia.com/advisories/12219/