Mac OS X v10.6.6
-
PackageKit
CVE-ID: CVE-2010-4013
Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5
Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution
Description: A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue.
http://support.apple.com/kb/HT4498
Don
No comments:
Post a Comment