Apple Mac OS X multiple security vulnerabilities
Published:		16.12.2008
Source:		APPLE
SecurityVulns ID:		9519
Type:		remote
Level:		8/10
Description:		Apple Type Services DoS, BOM buffer overflow with CPIO archives, CoreGraphics buffer overflow on images parsing, invalid cookies setting for geographical domains, dangerous content warning bypass, multiple Flash Player Plugin vulnerabilities, multiple privilege escalations, Internet Sharing DoS, Podcast Producer unauthorized administrative access, UDF ISO images DoS.

Affected:		APPLE : MacOS X 10.4
		APPLE : MacOS X 10.5
CVE:		CVE-2008-4824
		CVE-2008-4823
		CVE-2008-4822
		CVE-2008-4821
		CVE-2008-4820
		CVE-2008-4819
		CVE-2008-4818
		CVE-2008-4237
		CVE-2008-4236
		CVE-2008-4234
		CVE-2008-4224
		CVE-2008-4223
		CVE-2008-4222
		CVE-2008-4221
		CVE-2008-4220
		CVE-2008-4219
		CVE-2008-4218
		CVE-2008-4217
		CVE-2008-3623
		CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.)
		CVE-2008-1391

Original document		CERT, US-CERT Technical Cyber Security Alert TA08-350A -- Apple Updates for Multiple Vulnerabilities (16.12.2008)
		APPLE, About the security content of Security Update 2008-008 / Mac OS X v10.5.6 (16.12.2008)

Discuss:

Read or add your comments to this news (0 comments)