Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)

high Log Correlation Engine Plugin ID 801018

Synopsis

The remote host is missing Mac OS X security update 2013-001 that fixes multiple security issues.

Description

The remote host is running a version of Mac OS X 10.8 that is older than version 10.8.3. The newer version contains numerous security-related fixes :

- A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences. (CVE-2013-0966)
- Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory. (CVE-2013-0967)
- A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table. (CVE-2011-3058)
- An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string. (CVE-2013-0963)
- Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images. (CVE-2012-2088)
- A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking.(CVE-2013-0976)
- An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. (CVE-2012-3749)
- A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window. (CVE-2013-0969)
- Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs. (CVE-2013-0970)
- An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages. (CVE-2012-3525)
- Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management. (CVE-2013-0971)
- A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server. (CVE-2013-0156)
- A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. (CVE-2012-3756)

Solution

Upgrade to version 10.8.3 or higher.

See Also

support.apple.com/kb/HT5672

Plugin Details

Severity: High

ID: 801018

Published: 3/16/2013

Nessus ID: 65577

Vulnerability Information

Patch Publication Date: 3/14/2013

Vulnerability Publication Date: 7/22/2012

Exploitable With

Metasploit (Ruby on Rails XML Processor YAML Deserialization Code Execution)

Reference Information

CVE: CVE-2011-3058, CVE-2012-2088, CVE-2012-3525, CVE-2012-3749, CVE-2012-3756, CVE-2013-0156, CVE-2013-0963, CVE-2013-0966, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976

BID: 52762, 54270, 56361, 56552, 57598, 58494, 58509, 58512, 58513, 58514, 58515, 58516