Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
BID:53471
Info
Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
| Bugtraq ID: | 53471 |
| Class: | Design Error |
| CVE: |
CVE-2012-0654 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2012 12:00AM |
| Updated: | May 11 2012 12:00AM |
| Credit: | Dirk-Willem van Gulik of WebWeaving.org, Guilherme Prado of Conselho da Justica Federal, Ryan Sleevi of Google |
| Vulnerable: |
Apple Mac OS X Server 10.6.6 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.4 Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac Os X Server 10.7.2 Apple Mac Os X Server 10.7.1 Apple Mac Os X Server 10.7 Apple Mac Os X Server 10.6.8 Apple Mac Os X Server 10.6.7 Apple Mac OS X Server 10.6 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac Os X 10.7.2 Apple Mac Os X 10.7.1 Apple Mac OS X 10.6 |
| Not Vulnerable: |
Apple Mac Os X Server 10.7.4 Apple Mac Os X 10.7.4 |
Discussion
Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
Apple Mac OS X is prone to a remote memory corruption vulnerability that affects the 'libsecurity' component.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Apple Mac OS X is prone to a remote memory corruption vulnerability that affects the 'libsecurity' component.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
Solution:
The vendor has released an advisory and fixes. Please see the references for details.
Apple Mac Os X Server 10.7.2
Apple Mac Os X Server 10.6.8
Apple Mac Os X 10.7.1
Apple Mac Os X 10.7.2
Apple Mac Os X Server 10.7.1
Apple Mac Os X Server 10.7
Solution:
The vendor has released an advisory and fixes. Please see the references for details.
Apple Mac Os X Server 10.7.2
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.6.8
-
Apple SecUpdSrvr2012-002.dmg
For Mac OS X Server v10.6.8
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.1
-
Apple MacOSXUpdCombo10.7.4.dmg
For OS X Lion v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.2
-
Apple MacOSXUpdCombo10.7.4.dmg
For OS X Lion v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7.1
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/
References
Apple Mac OS X (CVE-2012-0654) Memory Corruption Vulnerability
References:
References:
- Mac OS X Homepage (Apple)