Otkriven je sigurnosni nedostatak vezan uz Mac OS X i Mac OS X Server, točnije programski paket PackageKit. Radi se o besplatnom paketu koji se koristi za upravljanje (instaliranje i ažuriranje) programskim paketima na operacijskom sustavu. Ranjivost se javlja zbog neispravnog upravljanja skriptama u paketu PackageKit. Napadač ranjivost može iskoristiti za izvođenje napada uskraćivanjem usluga (DoS napad) i pokretanje proizvoljnog programskog koda. Svim korisnicima se savjetuje prelazak na najnoviju inačicu.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-01-06-1 Mac OS X v10.6.6

Mac OS X v10.6.6 is now available and addresses the following:

PackageKit
CVE-ID:  CVE-2010-4013
Available for:  Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact:  A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description:  A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.


Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/


For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9

For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151

For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2

For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c


Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNJeeXAAoJEGnF2JsdZQeeV7UIAJTPFZz+mQMIdlrS7TlRpsdv
Hvz3O/9sj/czbpBs/EcAIk75vRNcGqI/NYCAbf+5VNHt8ALuJkXuRidIjIPvy8sV
Sq7tiNRySzD2kzjCvFXxqcWRewsfD1JWtPoV6HgL6PAHZF7KEQfCH54UI/Ka8h3U
XAoRRXWhKdDuBsO0W2mJFrZEwgihb3aetY1SHYX2yX9K1ccVy29vznAfWTKNeS3w
z4MBJV9OdufqpJEEe6sWC4zpZgiCBkDvNgxYujRoJYPujOajvb94HeBkl3hnSsLV
9X02Y/VQ0VRWPxtCCnIwbvXyv7A5AR/BeDX56fxNIyrJHNE65vIOjM+um5EmVPo=
=eHtZ
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/lss.advisory%40gmail.com

This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Idi na vrh