This is cache of http://feeds.ziffdavisenterprise.com/~r/RSS/cheap_hack/~3/gi6Qi_HP0Y8/apple_finally_patches_dns_bug.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Apple Finally Patches DNS Bug
2008-07-31 23:12:34 by Editor in Cheap Hack
 
After taking guff in the press for a while for its lack of a patch for the famous recent DNS bug, Apple has finally issued a patch. The update it comes in also patches 16 other vulnerabilities:
  • Open Scripting Architecture—Privilege elevation bug when loading plug-ins.
  • CarbonCore—A stack overflow in handling long file names. Potential code execution.
  • CoreGraphics—Two bugs, both code execution, one for malicious graphics, the other for malicious PDFs.
  • Data Detectors Engine—Engine may crash when parsing maliciously crafted content.
  • Disk Utility—A local user may obtain System privileges.
  • OpenLDAP—An ASN parsing bug can lead to a crash.
  • OpenSSL—A range checking error from last September (Red Hat patched it in two weeks) can lead to remote code execution.
  • PHP—Five different bugs, the worst of which can lead to remote code execution.
  • QuickLook—A maliciously crafted Microsoft Office file can cause QuickLooks to crash or allow remote code execution.
  • rsync—Path validation errors, which were also reported in 2007, are resolved.
 
Tags: code execution, remote code execution, bug, potential code execution, quicklooka maliciously, lead, data detectors engineengine, coregraphicstwo bugs, bugs
 
 
 
 
 
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia