
Security Update 2010-001 out now

  • 19-01-2010 10:38pm
    #1
    Closed Accounts Posts: 17,208 ✭✭✭✭


    http://support.apple.com/kb/HT4004

    Recommended IMO for if nothing else the fix to the SSL vulnerability.
    Security Update 2010-001
    CoreAudio

    CVE-ID: CVE-2010-0036

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.

    CUPS

    CVE-ID: CVE-2009-3553

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: A remote attacker may cause an unexpected application termination of cupsd

    Description: A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.

    Flash Player plug-in

    CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html Credit to an anonymous researcher and Damian Put working with TippingPoint's Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).

    ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.

    Image RAW

    CVE-ID: CVE-2010-0037

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Jason Carr of Carnegie Mellon University Computing Services for reporting this issue.

    OpenSSL

    CVE-ID: CVE-2009-3555

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

    Description: A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.


Comments

  • Moderators, Category Moderators, Arts Moderators, Entertainment Moderators, Technology & Internet Moderators Posts: 22,693 CMod ✭✭✭✭Sad Professor


    Bootcamp has also been updated to support Windows 7.


  • Registered Users, Registered Users 2 Posts: 414 ✭✭ElBarco


    Bootcamp has also been updated to support Windows 7.

    Have it working nicely here now. Had to use the ATI fix with a 27 inch iMac though to get around the black screen issue after setup.


  • Moderators, Category Moderators, Arts Moderators, Entertainment Moderators, Technology & Internet Moderators Posts: 22,693 CMod ✭✭✭✭Sad Professor


    Do all Intel-based Macs support Windows 7?

    All Intel-based Macintosh computers support Windows 7 using Boot Camp 3.1 except these:

    iMac (17-inch, Early 2006)
    iMac (17-inch, Late 2006)
    iMac (20-inch, Early 2006)
    iMac (20-inch, Late 2006)
    MacBook Pro (15-inch, Early 2006)
    MacBook Pro (17-inch, Late 2006)
    MacBook Pro (15-inch, Late 2006)
    MacBook Pro (17-inch, Early 2006)
    Mac Pro (Mid 2006, Intel Xeon Dual-core 2.66GHz or 3GHz)

    http://support.apple.com/kb/HT3986

    Nice... :rolleyes:

