Apple Issues Mac Os X Version 10.6.7, Mitigates Security Vulnerabilities
Recently, Apple released version 10.6.7 for Mac OS X. The latest update by Apple mitigates several security vulnerabilities related to various components. The vulnerabilities are associated with Airport, Apache, ATS, bzip2, CarbonCore, ClaimAV, Core Text, HFS, File Quarantine, ImageIO, Image RAW, Installer, Kerberos, Kernel, Libinfo, libxml, Mailman, PHP, QuickLook, QuickTime, Ruby, Samba, Subversion, Terminal and X11.
The security update disallows the creation of call gate i386_set_ldt() to mitigate a privilege escalation issue in Kernel, which allows a local user to execute arbitrary code with system privileges. The update resolves an integer truncation issue in the way Libinfo manages NFS RPC packets. The vulnerability could allow a remote attacker to make some NFS RPC packets unresponsive through denial of service on hosts that export these packets.
The update resolves a memory corruption issue and double free issue in libxml, which could have caused arbitrary code execution or unexpected termination of application on visiting a malicious website. Mailman has been updated to version 2.1.14 to mitigate several cross-site scripting vulnerabilities, which existed in the earlier version 2.1.13. The security update resolves memory corruption issues in the Quick Looks handling of Microsoft Office files, which may lead to arbitrary code execution or application termination on downloading maliciously crafted Office file. The update mitigates a stack buffer overflow issue in the way Samba manages Windows security IDs. The issue allows attackers to execute arbitrary code or cause denial of service, if SMB file sharing is enable.
FreeType has been updated to version 2.4.3 to address several vulnerabilities, which could allow arbitrary code execution on processing a maliciously crafted font. The update resolves a security flaw in AirPort related to handling of Wi-Fi frames. The flaw may enable an attacker on the same Wi-Fi network to cause system reset.
Usually, IT professionals qualified in masters of security science, penetration testing and other security certifications detect and resolve security weaknesses. In this case, security researchers affiliated to various organizations such as Google, TippingPoint, Mozilla, NGS Secure, University of Delaware and Verisign identified the security flaws.
Vulnerabilities in software products are common and may be caused by coding errors, design flaws, changes in technology and human errors among others. Security professionals are required to constantly update their skills through training programs, online degree and e-learning programs.
While developers face the challenge of constant innovation and product development, cybercriminals are always on the lookout to exploit vulnerabilities. Developers may also encourage IT professionals to undertake security certifications such as certified secure programmer and online university degree programs to enhance their technical skills consistent with the changes in the security environment.
The security update disallows the creation of call gate i386_set_ldt() to mitigate a privilege escalation issue in Kernel, which allows a local user to execute arbitrary code with system privileges. The update resolves an integer truncation issue in the way Libinfo manages NFS RPC packets. The vulnerability could allow a remote attacker to make some NFS RPC packets unresponsive through denial of service on hosts that export these packets.
The update resolves a memory corruption issue and double free issue in libxml, which could have caused arbitrary code execution or unexpected termination of application on visiting a malicious website. Mailman has been updated to version 2.1.14 to mitigate several cross-site scripting vulnerabilities, which existed in the earlier version 2.1.13. The security update resolves memory corruption issues in the Quick Looks handling of Microsoft Office files, which may lead to arbitrary code execution or application termination on downloading maliciously crafted Office file. The update mitigates a stack buffer overflow issue in the way Samba manages Windows security IDs. The issue allows attackers to execute arbitrary code or cause denial of service, if SMB file sharing is enable.
FreeType has been updated to version 2.4.3 to address several vulnerabilities, which could allow arbitrary code execution on processing a maliciously crafted font. The update resolves a security flaw in AirPort related to handling of Wi-Fi frames. The flaw may enable an attacker on the same Wi-Fi network to cause system reset.
Usually, IT professionals qualified in masters of security science, penetration testing and other security certifications detect and resolve security weaknesses. In this case, security researchers affiliated to various organizations such as Google, TippingPoint, Mozilla, NGS Secure, University of Delaware and Verisign identified the security flaws.
Vulnerabilities in software products are common and may be caused by coding errors, design flaws, changes in technology and human errors among others. Security professionals are required to constantly update their skills through training programs, online degree and e-learning programs.
While developers face the challenge of constant innovation and product development, cybercriminals are always on the lookout to exploit vulnerabilities. Developers may also encourage IT professionals to undertake security certifications such as certified secure programmer and online university degree programs to enhance their technical skills consistent with the changes in the security environment.
Source...