| 9! | Apple Mac OS X multiple security vulnerabilities
|
 | | AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS via IPv6, SMTP client buffer overflow, etc. |
| 6! | Mac OS X vpnd format string security vulnerability
|
 | | Format string vulnerability in -i command-line argument parsing. |
| 6! | Apple Mac OS X pppd privilege escalation
|
 | | It's possible to attach a user-supplied module to a privileged process with the 'plugin' command. |
| 6! | Apple Mac OS X RPC portmapper service integer overflow
|
 | | Integer overflow during AUTH_UNIX RPC authentication. |
| | Apple MacOS X multiple security vulnerabilities
|
 | | Mac OS X security update closes a number of vulnerabilities. |
| 6! | Mac OS X ImageIO integer overflow
|
 | | Integer overflow in GIF image parsing. |
| 7! | Apple multiple applications format string vulnerabilities
|
 | | Format string vulnerabilities in multiple client applications. |
| | Mac OS X crashdump symbolic links security vulnerability
|
 | | Symbolic link problem when creating the dump file in the user's home. Allows an admin group user to escalate privileges to root. |
| 6! | Apple Mac OS X Software Update / Apple Installer format string security vulnerability
|
 | | Format string vulnerability on parsing the filename of application/x-apple.sucatalog+xml files (.sucatalog and .swutmp). Format string vulnerability in .pkg file name. |
| 6! | Apple Mac OS X UserNotificationCenter privilege escalation
|
 | | Application doesn't drop wheel group privileges. |
| 6! | Apple QuickDraw libraries memory corruption
|
 | | Memory corruption on malformed PICT image ARGB record. |
| 7! | Mac OS X writeconfig privilege escalation
|
 | | The launchctl utility is executed via a relative path from a suid application. |
| 7! | Mac OS X SLP daemon buffer overflow
|
 | | Buffer overflow on parsing arguments list of SLP request. |
| | Mac OS X syscall DoS
|
 | | Arguments of the shared_region_map_file_np() syscall are not checked, making it possible to exhaust all available memory. |
| 7! | Multiple Mac OS X security privilege escalation
|
 | | A few suid application binaries are user-writable. |
| 6! | Mac OS X AppleTalk protocol buffer overflow
|
 | | Heap buffer overflow. |
| 6! | Mac OS X / Apple Finder multiple file system parsing vulnerabilities updated since 11.01.2007
|
 | | Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes. |
| | Apple Mac OS X DiskManagement.framework privilege escalation
|
 | | The integrity of the file holding the original permissions database is not checked during permissions restoration. |
| 7! | Mac OS X Apple Airport wireless driver memory corruption
|
 | | Memory corruption on probe response frame parsing. |
| 8! | Multiple MacOS X security vulnerabilities updated since 02.10.2006
|
 | | Multiple local and client vulnerabilities in different subcomponents. |
| 9! | Multiple Intel Centrino / PROSet / Apple Airport wireless drivers security vulnerabilities updated since 10.08.2006
|
 | | Multiple vulnerabilities, including local privilege escalation and remote code execution. |
| 6! | Mac OS X XSan filesystem driver buffer overflow
|
 | | Buffer overflow on oversized path. |
| | Apple OpenDirectory DoS
|
 | | slapd assert() on malformed bind request. |
| 7! | MacOS X launchd format string vulnerability
|
 | | Format string vulnerability on syslog() call. |
| 7! | Multiple Apple MacOS X security vulnerabilities updated since 12.05.2006
|
 | | Security update for May fixes 25 different vulnerabilities. |
| | MacOS X memory corruption
|
 | | Memory corruption in EXR file parsing. |
| | Safari MacOS X DoS
|
 | | Large rowspan number leads to CPU and memory consumption. |
| | Multiple MacOS X security vulnerabilities
|
 | | Buffer overflow in BOMArchiveHelper on ZIP archive extraction, multiple security bugs in Safari on HTML and different image formats parsing. |
| 6! | MacOS X Mail.app mail client buffer overflow
|
 | | Buffer overflow on MacMIME format parsing. |
| 6! | Apple MacOS X passwd privilege escalation updated since 02.03.2006
|
 | | A few vulnerabilities (symbolic links, race conditions) allow editing of any system file. |
| 6! | MacOS X Safari web browser component directory traversal
|
 | | BOMArchiveHelper component directory traversal. |
| 6! | MacOS X ZIP archives code execution
|
 | | It's possible to set file associations with the __MACOSX folder. |
| | Multiple MacOS X vulnerabilities updated since 01.11.2005
|
 | | Invalid ownership information in 'Finder', invalid 'Update' functioning, memberd removed group membership unauthorized access, 'Keychain' password leak, 'Kernel' uninitialized memory leak. |
| 8! | Multiple MacOS X vulnerabilities
|
 | | ImageIO GIF file parsing buffer overflow, Mail.app information leakage, QuickDraw Manager PICT file parsing buffer overflow, Java virtual machine QuickTime extensions safe mode protection bypass, Safari cross-site scripting. |
| 7! | MacOS X malloc() privilege escalation
|
 | | With MallocLogFile it's possible to overwrite any system file through an application that uses the malloc() function. |
| 7! | Multiple MacOS X vulnerabilities updated since 18.08.2005
|
 | | Apple Mac OS X Directory Services contains a buffer overflow, Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow, Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files, Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files, Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files, Apple Safari fails to perform security checks on links in rich text content. |
| | Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 15.08.2005
|
 | | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| 7! | Multiple MacOS X vulnerabilities
|
 | | System-wide denial of service on parsing a maliciously crafted TCP packet. Possibility to overwrite a system widget. |
| | MacOS X launchd symbolic links race conditions
|
 | | Unsafe temporary files creation. |
| | |