Alert GCSA-11072 - Apple OS X Lion v10.7.2 and Security Update
******************************************************************
Alert ID : GCSA-11072
Date : 17 October 2011
Title : Apple OS X Lion v10.7.2 and Security Update 2011-006
******************************************************************
:: Problem description
Apple has released Security Update 2011-006, which fixes
several vulnerabilities in the Mac OS X operating system
and in some applications distributed with the system itself.
At the same time, version 10.7.2 of the OS X operating system
was released, which resolves the same vulnerabilities.
For a complete description of the vulnerabilities, see
the official advisory.
:: Affected software
Mac OS X 10.6.8 and earlier
Mac OS X Server 10.6.8 and earlier
Mac OS X 10.7, 10.7.1 and earlier
Mac OS X Server 10.7, 10.7.1 and earlier
:: Impact
Security Bypass
Cross Site Scripting
Spoofing
Privilege escalation
Denial of Service
System access
Exposure of system data
Exposure of sensitive information
:: Solution
Update Mac OS X to version 10.7.2
or apply Security Update 2011-006.
The Software Update utility will offer the update
best suited to the configuration in use.
http://www.apple.com/support/downloads/
Mac OS X: Updating your software
http://support.apple.com/kb/HT1338
:: References
Apple Security Advisory for OS X Lion v10.7.2 and Security Update 2011-006
http://support.apple.com/kb/HT5002
Apple Mailing List APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html
ISC SANS Critical OS X Vulnerability Patched
http://isc.sans.edu/diary.html?storyid=11797
Secunia
http://secunia.com/advisories/46417/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3437