Release date:
Updated on: 2012-04-10
Affected Systems:
Apple Mac OS X <10.7.3
Apple Mac OS X Server <10.7.3
Unaffected system:
Apple Mac OS X 10.7.3
Apple Mac OS X Server 10.7.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51814
Cve id: CVE-2011-3460
Mac OS is an operating system running on Apple's Macintosh series computers.
Apple Mac OS X triggers a specific vulnerability when allocating space for video decoding in .png format. When calculating the surface space, the application will trust the bit depth in the MediaVideo header. During the decoding process, the application will write outside the boundaries of the surface, and there is a buffer overflow vulnerability in implementation. After successful exploitation, attackers can execute arbitrary code. Affected Versions: Mac OS x 10.6.8, Mac OS x Server 10.6.8, Mac OS x 10.7-10.7.2, and Mac OS X Server 10.7-10.7.2.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://www.zerodayinitiative.com/advisories/ZDI-12-058/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.apple.com/