Apple Details Mountain Lion Os X 10.8 For Mac
Mac OS X 10.8.3 Released with Apple’s Security Update 2013-001
Posted on March 18th, 2013

Last week, Apple released a new version of its OS X Mountain Lion operating system to. This update includes multiple bug fixes and improves the security of Mac OS X. Included with Mac OS X 10.8.3 are and Security Update 2013-001, both of which address multiple security problems. For Mac users running OS X Lion, the 33 MB Security Update 2013-001 shipped alongside the Safari 6.0.3 software update.
Apple silently bundled of Security Update 2013-001. Oddly, Apple has not released any details about this update on its Apple security updates page. Altogether, the contents of these security updates include bug fixes for Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, and OS X Lion Server v10.7 to v10.7.5, in addition to OS X Mountain Lion v10.8 to v10.8.2.
Overall, a total of 21 are fixed, covering 17 separate CVEs, 9 of which are related to arbitrary code execution (CVE-2013-0156 and CVE-2013-0333 include flaws impacting multiple components of Apple software). Also included in this software update is a malware removal tool that will remove some of the most common variants of Mac malware. (Naturally, here at Intego we recommend our comprehensive software since we offer award-winning protection with timelier malware definition updates.)

Following are details provided by Apple on the security issues documented as offering remote attackers the potential for arbitrary code execution:

A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images.

A memory corruption issue existed in the handling of graphics data.
This issue was addressed through improved bounds checking.

A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management.

Available for Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server.

Available for OS X Lion Server v10.7 to v10.7.5: A type casting issue existed in Ruby on Rails' handling of JSON data.
This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Podcast Producer Server.

Available for Mac OS X Lion Server v10.7 to v10.7.5: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager.

A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking.
Available for Mac OS X Server 10.6.8: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails.

Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems.
This issue was addressed by preventing plugins from being loaded in Software Update's marketing text WebView.

Available for OS X Lion Server v10.7 to v10.7.5: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server.

Available for OS X Lion Server v10.7 to v10.7.5: A type casting issue existed in Ruby on Rails' handling of JSON data.
This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Wiki Server.

Following are the remaining flaws fixed with Apple's Mountain Lion update and Security Update 2013-001:

A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.

Java Web Start applications would run even if the Java plug-in was disabled.
This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory.

A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.

An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.

An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.

A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration.
This issue was addressed by preventing VoiceOver from launching applications at the Login Window.

Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt.
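The canonicalization issue with ignorable Unicode sequences in URIs, described above, comes down to an access check and the file system disagreeing about which name a request refers to. The sketch below is an added illustration, not Apple's mod_hfs_apple code: the ignorable code-point list, the `PROTECTED` deny list and the sample paths are assumptions constructed for the example.

```python
import unicodedata
from urllib.parse import unquote_to_bytes

# Code points an HFS+ volume skips when comparing file names. Assumed list
# (the commonly cited HFS+ "ignorable" set), not taken from the article.
HFS_IGNORABLE = (
    {0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF}
    | set(range(0x202A, 0x202F))   # U+202A..U+202E
    | set(range(0x206A, 0x2070))   # U+206A..U+206F
)

PROTECTED = {".htaccess", ".ds_store"}  # hypothetical deny list


def hfs_fold(name):
    """Approximate how a case-insensitive HFS+ volume sees a file name."""
    stripped = "".join(c for c in name if ord(c) not in HFS_IGNORABLE)
    return unicodedata.normalize("NFD", stripped).lower()


def naive_allows(path):
    """'Before' check: compares the raw decoded string only."""
    decoded = unquote_to_bytes(path).decode("utf-8", "replace")
    return decoded.rsplit("/", 1)[-1].lower() not in PROTECTED


def strict_allows(path):
    """'After' check: forbid any URI carrying ignorable sequences."""
    try:
        decoded = unquote_to_bytes(path).decode("utf-8")
    except UnicodeDecodeError:
        return False  # not valid UTF-8: refuse rather than guess
    if any(ord(c) in HFS_IGNORABLE for c in decoded):
        return False
    return hfs_fold(decoded.rsplit("/", 1)[-1]) not in PROTECTED


if __name__ == "__main__":
    # Constructed sample requests; %E2%80%8C is U+200C (zero width non-joiner).
    for p in ("/site/index.html", "/site/.htaccess", "/site/.ht%E2%80%8Caccess"):
        print(p, "naive:", naive_allows(p), "strict:", strict_allows(p))
```

The third sample passes the string comparison yet folds to a protected name on disk, which is why the stricter check rejects the request outright instead of trying to normalize it.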