
This issue is mitigated as most EV certificates specify an OCSP URL.
CVE-2011-0199 : Chris Hawk and Wan-Teh Chang of Google
If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid.
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: An error handling issue existed in the Certificate Trust Policy.
Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: A heap buffer overflow issue existed in the handling of TrueType fonts.

This issue is addressed through improved handling of credentials.
Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact: The user's AppleID password may be logged to a local file
Description: In certain circumstances, App Store may log the user's AppleID password to a file that is not readable by other users on the system.
This issue does not affect Mac OS X v10.6
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset.
Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames.
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
