Professional Webmasters Community

Apple ColorSync heap overflow


Post  andry Thu Oct 14, 2010 1:26 am

Apple released the Mac OS X 10.5.8 update, which includes security fixes:

http://support.apple.com/kb/HT3757

One of the fixes is for a heap-based buffer overflow in the ColorSync component (which handles the parsing of ICC profiles). Limited details are here:

http://scary.beasts.org/security/CESA-2009-011.html

This vulnerability could likely be used to execute arbitrary code in contexts such as Safari browsing to a malicious page. Mail clients (both web-based and local client based) might make an interesting target.

This was discovered because the test case for my earlier LittleCMS (lcms) vulnerabilities happens to crash Safari when you hit it:

https://cevans-app.appspot.com/static/CVE-2009-0733.jpg
andry
Moderator