Apple today released one of its biggest Mac OS X security updates in recent memory, with fixes for a whopping 88 documented vulnerabilities.
The Mac OS X v10.6.3 update, which is considered "critical," covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.
In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.
The update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.
It also covers holes in several open-source components, including Apache, ClamAV, MySQL and PHP.
Here's the full list of the patched vulnerabilities.
The Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web page.
-------------------------------------
That's a big list of CVEs - http://isc.sans.org/diary.html?storyid=8521
Unfortunately, this meta patch does not include a fix for the bug used by Charlie Miller at PWN2OWN 2010.
http://twitter.com/0xcharlie
New patch doesn't fix pwn2own bug. Sorry suckers, gonna have to wait for the next patch :p
-------------------------------------
According to Computerworld....
Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The update dwarfed any released last year, when Apple's largest patched 67 vulnerabilities.....More than 40% of the vulnerabilities patched today, 37 out of the 92, were accompanied by the phrase "may lead to arbitrary code execution," which is Apple's way of saying that a flaw is critical and could be used by attackers to hijack a Mac.