Mac OS X 10.6 gets man in the middle vulnerability patch

Rectifies format string issues in certain OS X versions that can be used for code execution exploits.

Apple has issued a PackageKit update which solves existing vulnerabilities in Mac OS X versions 10.6 and later. The vulnerability in PackageKit’s distribution format strings can be used by attackers to cause application termination or arbitrary code execution.

The vulnerability is usually exploited when Software Update checks for new updates. Apple claims to have addressed this issue through improved validation of distribution scripts. The update (CVE-2010-4013) is available for Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5.

Read more on Hackers and cybercrime prevention

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close