Apple Releases Mac OS X version 10.6.7, Mitigates Bugs
Recently, Apple released version 10.6.7 for Mac OS X.
The security update disallows the creation of call gate entries via i386_set_ldt() to mitigate a privilege escalation issue in the kernel, which allows a local user to execute arbitrary code with system privileges. The update resolves an integer truncation issue in the way Libinfo handles NFS RPC packets. The vulnerability could allow a remote attacker to make some NFS RPC services unresponsive, causing denial of service on hosts that export NFS file systems.
The update resolves a memory corruption issue and a double free issue in libxml, which could have caused arbitrary code execution or unexpected application termination on visiting a malicious website. Mailman has been updated to version 2.1.14 to mitigate several cross-site scripting vulnerabilities that existed in the earlier version 2.1.13. The security update resolves memory corruption issues in Quick Look's handling of Microsoft Office files, which may lead to arbitrary code execution or application termination on downloading a maliciously crafted Office file. The update mitigates a stack buffer overflow issue in the way Samba handles Windows security IDs. The issue allows attackers to execute arbitrary code or cause denial of service if SMB file sharing is enabled.
FreeType has been updated to version 2.4.3 to address several vulnerabilities, which could allow arbitrary code execution on processing a maliciously crafted font. The update resolves a security flaw in AirPort related to the handling of Wi-Fi frames. The flaw may enable an attacker on the same Wi-Fi network to cause a system reset.
Usually, IT professionals qualified in masters of security science, penetration testing and other security certifications detect and resolve security weaknesses. In this case, security researchers affiliated with various organizations such as Google, TippingPoint, Mozilla, NGS Secure, University of Delaware and Verisign identified the security flaws.
Vulnerabilities in software products are common and may be caused by coding errors, design flaws, changes in technology and human errors, among others. Security professionals are required to constantly update their skills through training programs, online degrees and e-learning programs.
While developers face the challenge of constant innovation and product development, cybercriminals are always on the lookout to exploit vulnerabilities. Developers may also encourage IT professionals to undertake security certifications such as certified secure programmer and online university degree programs to enhance their technical skills consistent with the changes in the security environment.
EC-Council University is based in Albuquerque, New Mexico and offers the Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.