U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

September 20, 2012 - 6:00am

PROBLEM:

Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

PLATFORM:

Apple OS X

ABSTRACT:

Several vulnerabilities were reported in Apple OS X.

REFERENCE LINKS:

Apple Security Article: HT5501
SecurityTracker Alert ID:  1027551
CVE-2012-0650
CVE-2012-3716
CVE-2012-3718
CVE-2012-3719
CVE-2012-3720
CVE-2012-3721
CVE-2012-3722
CVE-2012-3723

IMPACT ASSESSMENT:

Medium

Discussion:

If the DirectoryService Proxy is used, a remote user can trigger a buffer overflow in the DirectoryService Proxy to execute arbitrary code [CVE-2012-0650]. OS X Lion and Mountain Lion systems are not affected. aazubel reported this vulnerability (via HP's Zero Day Initiative).

A remote user can create a specially crafted file that, when loaded by the target user via an application that uses CoreText, will trigger an out-of-bounds memory access error and execute arbitrary code [CVE-2012-3716]. Mac OS X v10.6 and OS X Mountain Lion systems are not affected.

A local user can exploit a flaw in LoginWindow to capture password keystrokes from Login Window and Screen Saver Unlock [CVE-2012-3718]. Only OS X Mountain Lion is affected.

A remote user can send a specially crafted e-mail that, when viewed by the target user, will launch an embedded web plugin [CVE-2012-3719]. OS X Mountain Lion is not affected.

A user with access to the contents of a mobile account can obtain the account user's password hash [CVE-2012-3720]. OS X Mountain Lion is affected.

A remote user can exploit a flaw in the Device Management private interface to identify managed devices [CVE-2012-3721]. OS X Mountain Lion is not affected.

A remote user can create a specially crafted Sorenson encoded movie file that, when loaded by the target user, will trigger a memory access error and execute arbitrary code on the target system [CVE-2012-3722]. The code will run with the privileges of the target user. OS X Mountain Lion systems are not affected.

A physically local user can attach a USB device with a specially crafted bNbrPorts descriptor field to trigger a memory corruption error and execute arbitrary code [CVE-2012-3723]. OS X Mountain Lion systems are not affected.
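
The bNbrPorts field named in CVE-2012-3723 is the device-supplied port count in a USB hub descriptor. The C code below is an added example, not Apple's code and not a description of the flaw's root cause, which this bulletin does not give; it shows a host-side parser bounding that field before using it. It assumes the USB 2.0 hub descriptor layout, and `hub_info`, `MAX_PORTS`, `parse_hub_descriptor` and the sample descriptors are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HUB_DESC_TYPE  0x29 /* USB 2.0 hub class descriptor type */
#define HUB_DESC_FIXED 7    /* bytes before the variable-length bitmaps */
#define MAX_PORTS      15   /* hypothetical size of the host's per-port table */

struct hub_info {           /* hypothetical host-side state */
    uint8_t nports;
    uint8_t non_removable[MAX_PORTS + 1]; /* indexed 1..nports, 0 unused */
};

/* Constructed sample descriptors: bytes are bDescLength, bDescriptorType,
 * bNbrPorts, wHubCharacteristics (2), bPwrOn2PwrGood, bHubContrCurrent,
 * then the DeviceRemovable and PortPwrCtrlMask bitmaps. */
static const uint8_t good_desc[9]  = {9, 0x29, 4,   0, 0, 50, 100, 0x02, 0xFF};
static const uint8_t huge_ports[9] = {9, 0x29, 255, 0, 0, 50, 100, 0x02, 0xFF};
static const uint8_t short_maps[9] = {9, 0x29, 12,  0, 0, 50, 100, 0x02, 0xFF};

/* Returns 0 on success, negative when the descriptor must be rejected. */
int parse_hub_descriptor(const uint8_t *buf, size_t len, struct hub_info *out)
{
    if (buf == NULL || out == NULL || len < HUB_DESC_FIXED)
        return -1;                      /* fixed fields not all present */
    uint8_t desc_len = buf[0];
    uint8_t nports = buf[2];            /* bNbrPorts: device-controlled */
    if (buf[1] != HUB_DESC_TYPE)
        return -2;
    if (desc_len > len)
        return -3;                      /* claims more bytes than were read */
    if (nports == 0 || nports > MAX_PORTS)
        return -4;                      /* would index past the port table */
    size_t bitmap = (size_t)nports / 8 + 1; /* bytes per bitmap, bit 0 reserved */
    if (desc_len < HUB_DESC_FIXED + 2 * bitmap)
        return -5;                      /* bitmaps truncated for this count */
    memset(out, 0, sizeof(*out));
    out->nports = nports;
    for (unsigned p = 1; p <= nports; p++)  /* DeviceRemovable: 1 = fixed */
        out->non_removable[p] = (buf[HUB_DESC_FIXED + p / 8] >> (p % 8)) & 1;
    return 0;
}

int main(void)
{
    struct hub_info h;
    return parse_hub_descriptor(good_desc, sizeof good_desc, &h) == 0
        && parse_hub_descriptor(huge_ports, sizeof huge_ports, &h) == -4
        && parse_hub_descriptor(short_maps, sizeof short_maps, &h) == -5 ? 0 : 1;
}
```
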

Impact:

A remote user can execute arbitrary code on the target system.

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote user can obtain a password hash in certain cases.

A local user can obtain password keystrokes.

Solution:

The vendor has issued a fix. See Apple Security Updates.