Mac OS X 10.6 gets man in the middle vulnerability patch

Rectifies format string issues in certain OS X versions that can be used for code execution exploits.

Apple has issued a PackageKit update which solves existing vulnerabilities in Mac OS X versions 10.6 and later. The vulnerability in PackageKit’s distribution format strings can be used by attackers to cause application termination or arbitrary code execution.

The vulnerability is usually exploited when Software Update checks for new updates. Apple claims to have addressed this issue through improved validation of distribution scripts. The update (CVE-2010-4013) is available for Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close