Search My Blog

Thursday, January 13, 2011

About the security content of Mac OS X v10.6.6

Mac OS X v10.6.6

  • PackageKit

    CVE-ID: CVE-2010-4013

    Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5

    Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution

    Description: A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue.

Read more...
http://support.apple.com/kb/HT4498

Don

No comments: