
SANS ISC: Mac OS X v10.6.6 secuirty update - Internet Security | DShield SANS ISC InfoSec Forums


Mac OS X v10.6.6 secuirty update

Mac OS X v10.6.6 is now available and addresses the following:

PackageKit
CVE-ID: CVE-2010-4013
Available for: Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact: A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description: A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.

Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

Thanks go out to Dave, who noticed the Apple security update information for OS X v10.6 through v10.6.5, which was blank earlier today.

donald

206 Posts
ISC Handler
Should I be sad that an ISC bulletin has security misspelled in the headline? :(
Anonymous
- https://pgp.custhelp.com/app/answers/detail/a_id/2288/session/L3NpZC9jQlBwcHBqaw%3D%3D/sno/0
UPDATED 1/06/2010 - "IMPORTANT: PGP strongly recommends that Mac WDE customers do NOT upgrade to Mac OS X 10.6.6
PGP Development has identified a potential issue with the Apple Mac OS X 10.6.6 upgrade released earlier today, January 6, 2011, and PGP Whole Disk Encryption for Mac OS X.
Until this issue is resolved, PGP strongly recommends that customers do NOT upgrade to Mac OS X 10.6.6.
This issue has the highest internal priority at PGP, and we will update our customers with the resolution information as soon as it becomes available..."
Jack

160 Posts
