Tuesday, August 24, 2010

Apple Security Update 2010-005

Apple have released FOUR versions of Security Update 2010-005. The versions are linked below:

Mac OS X Snow Leopard Client - 80.63 MB

Mac OS X Snow Leopard Server - 136.86 MB

Mac OS X Leopard Client - 211.88 MB

Mac OS X Leopard Server - 418.92 MB

The general downloads page can be found HERE.

You can read about the security patches HERE.

My quick summary:

There are 8 security patches.

-> 2 PHP patches: One patches a buffer overflow vulnerability regarding maliciously crafted PNG image files. The other updates PHP to version v5.3.2, which itself provides a variety of security patches to such things as further buffer overflow vulnerabilities.

-> 1 Samba patch: A buffer overflow...

-> 1 Apple Type Services (ATS) patch: A vulnerability to maliciously crafted embedded fonts due to a buffer overflow...

-> 1 CFNetwork patch: Prevents a man-in-the-middle attack that could redirect network connections and intercept a user's sensitive information such as their user credentials.

-> 1 ClamAV patch: Updates the versions of ClamAV in Mac OS X Server 10.5 and 10.6 to version 0.96.1, solving multiple vulnerabilities.

-> 1 CoreGraphics patch: A heap buffer overflow due to maliciously crafted PDF files. (Presumably this is related to a similar problem in iOS v4.0).

-> 1 libsecurity patch: Improves the handling of certificate host names, preventing a website impersonation attack.

No comments:

Post a Comment