Serious Tennis 1.0 Mac OS
This document describes the security content of OS X Lion v10.7.3 and Security Update 2012-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
In 1981 a disputed line call gave rise to the now-famous John McEnroe quote: 'You cannot be serious'.SUBSCRIBE to The Wimbledon YouTube Channel: http://www.y. Sharma was leading 30-0 on Monticone’s serve and won the next point, which should have given her 0-40 advantage. However, for some reason the umpire confused the score, announcing that the Aussie player had a 30-15 lead.
Mac OS X Lion (version 10.7) is the eighth major release of macOS, Apple's desktop and server operating system for Macintosh computers. A preview of Mac OS X 10.7 Lion was publicly shown at the 'Back to the Mac' Apple Special Event on October 20, 2010.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
OS X Lion v10.7.3 and Security Update 2012-001
Address Book
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker in a privileged network position may intercept CardDAV data
Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval.
CVE-ID
CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/
CVE-ID
CVE-2011-3348
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default.
CVE-ID
CVE-2011-3389
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Opening a maliciously crafted font in Font Book may lead to an unexpected application termination or arbitrary code execution
Description: A memory management issue existed in ATS' handling ofs handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreAudio
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
CoreMedia
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files.
CVE-ID
CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of font files.
CVE-ID
CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3450 : Ben Syverson
curl
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: A remote server may be able to impersonate clients via GSSAPI requests
Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation.
CVE-ID
CVE-2011-2192
Data Security
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
dovecot
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure.
CVE-ID
CVE-2011-3389 : Apple
filecmds
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the 'uncompress' command line tool.
CVE-ID
CVE-2011-2895
Serious Tennis 1.0 Mac Os Download
ImageIO
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is addressed by updating libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in libpng 1.5.4
Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-3328
Internet Sharing
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update
Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update.
CVE-ID
CVE-2011-3452 : an anonymous researcher
Libinfo
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted
Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates.
CVE-ID
CVE-2011-3422 : Alastair Houghton
OpenGL
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of GLSL compilation.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in PHP 5.3.6
Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net
CVE-ID
CVE-2011-1148
CVE-2011-1657
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
CVE-2011-3182
CVE-2011-3189
CVE-2011-3267
CVE-2011-3268
PHP
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/
CVE-ID
CVE-2011-3256 : Apple
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in libpng 1.5.4
Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-3328
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the handling of MP4 encoded files.
CVE-ID
CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files.
CVE-ID
CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000 files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PNG files.
CVE-ID
CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of FLC encoded movie files
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SquirrelMail
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in SquirrelMail
Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/
CVE-ID
CVE-2010-1637
CVE-2010-2813
CVE-2010-4554
CVE-2010-4555
CVE-2011-2023
Subversion
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information
Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.apache.org/
CVE-ID
CVE-2011-1752
CVE-2011-1783
CVE-2011-1921
Time Machine
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: A remote attacker may access new backups created by the user's system
Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations.
CVE-ID
CVE-2011-3462 : Michael Roitzsch of the Technische Universität Dresden
Tomcat
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Tomcat 6.0.32
Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/
CVE-ID
CVE-2011-2204
Serious Tennis 1.0 Mac Osx
WebDAV Sharing
Available for: OS X Lion Server v10.7 to v10.7.2
Impact: Local users may obtain system privileges
Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail
Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content
Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/
CVE-ID
CVE-2011-2937
Serious Tennis 1.0 Mac Os 7
X11
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/
CVE-ID
CVE-2011-3256 : Apple