Monday
Dec152008
OSX Update 10.5.6
Monday, December 15, 2008 at 10:38PM
Apple has release an update that addresses about 21 security issues that can be exploited in a variety of ways. If you are using egress filtering between groups/departments the effects of local attacks may be contained but it it recommended to install the update for your particular system. Popular exploitation delivery includes directing a user to a web site or sending a corrupt image to be viewed locally. This can in the worst case result in the execution of code and hijacking the entire system.
Overview
- Heap buffer overflow in CoreGraphics.
- Flash Plug-in Vulnerabilities which are web directed exploits.
- CoreServices credential hijack vulnerability.
These can result in:
- Session fixation attack.
- Denial of Service.
- Elevation of privilege.
Reader Comments