Status Tracking Note TRTA07-352A

Apple Updates for Multiple Vulnerabilities

Overview

Apple has released Security Update 2007-009 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, surreptitiously initiate a video conference, or cause a denial of service.

Event Information

Date (UTC)    Description

2007-12-21 Apple
Article ID: 307224: About Security Update 2007-009 v1.1
Security Update 2007-009 v1.1 addresses an issue introduced in Security Update 2007-009 that may cause Safari to unexpectedly quit when browsing to certain websites.

2007-12-18 23:14 US-CERT
TA07-352A: Apple Updates for Multiple Vulnerabilities
Via US-CERT Mailing List

2007-12-18 13:14 US-CERT
Apple Releases Security Updates to Address Multiple Vulnerabilities
US-CERT Current Activity
Apple has released Security Update 2007-009 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, denial of service, information disclosure, cross-site scripting, privilege escalation, and authentication bypass.

2007-12-17 Apple
Article ID: 307179: About Security Update 2007-009

2007-07-16 iDefense
Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability
SMB Stack Buffer Overflow Vulnerability (CVE-2007-3876)
Vulnerability Reported
The vulnerability exists in a portion of code responsible for parsing command line arguments. When processing the -W option, which is used to specify a workgroup name, the option's argument is copied into a fixed sized stack buffer without any checks on its length. This leads to a trivially exploitable stack based buffer overflow.


Date first published (UTC): 2007-12-24T07:41+00:00
Date last updated (UTC): 2007-12-24T07:41+00:00