# Mac OS X Security Update Fixes Multiple Vulnerabilities (Highly critical)



## jgvernonco (Sep 13, 2003)

Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12249

VERIFY ADVISORY:
http://secunia.com/advisories/12249/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

SOFTWARE:
Safari 1.x
http://secunia.com/product/1543/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

1) Multiple vulnerabilities in libpng can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a user's
system.

For more information:
SA11505
SA12219

2) A vulnerability in the Safari browser can be used by a malicious
website to steal sensitive information from forms.

The vulnerability can reportedly only be exploited in the situation
of a form being sent with the POST method to a URL, which performs a
redirection to another URL.

3) A vulnerability in the processing of network traffic can be
exploited by malicious people to cause a DoS.

The vulnerability is exploited by sending a sequence of specially
crafted IP fragments. The attack, known as the "Rose Attack", will
cause the system to use too many system resources, resulting in a DoS.

SOLUTION:
Apply Security Update 2004-08-09.

Mac OS X 10.3.5:
http://wsidecar.apple.com/cgi-bin/n...latform=osx&method=sa/SecUpd2004-08-09Pan.dmg

Mac OS X 10.2.8:
http://wsidecar.apple.com/cgi-bin/n...latform=osx&method=sa/SecUpd2004-08-09Jag.dmg

OTHER REFERENCES:
SA11505:
http://secunia.com/advisories/11505/

SA12219:
http://secunia.com/advisories/12219/


----------

