Alert GCSA-12008 - Apple OS X Lion v10.7.3 and Security Update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12008
Data : 03 Febbraio 2012
Titolo : Apple OS X Lion v10.7.3 and Security Update 2012-001
******************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2012-001 che corregge
varie vulnerabilita' presenti nel sistema operativo Mac OS X
ed in alcune applicazioni distribuite insieme al sistema stesso.
Contemporaneamente e' stata rilasciata la versione 10.7.3
del sistema operativo OS X che risolve le stesse vulnerabilita'.
Per una descrizione completa delle vulnerabilita' consultare
la segnalazione ufficiale.
:: Software interessati
Mac OS X 10.6.8 e precedenti
Mac OS X Server 10.6.8 e precedenti
Mac OS X 10.7, 10.7.2 e precedenti
Mac OS X Server 10.7, 10.7.2 e precedenti
:: Impatto
Security Bypass
Cross Site Scripting
Spoofing
Privilege escalation
Denial of Service
Accesso al sistema
Esposizione dei dati del sistema
Esposizione di informazioni sensibili
:: Soluzione
Aggiornare Mac OS X alla versione 10.7.3
oppure applicare il Security Update 2012-001.
L'utilita' Software Update presentera' l'aggiornamento
piu' adatto alla configurazione in uso.
http://www.apple.com/support/downloads/
Mac OS X: Updating your software
http://support.apple.com/kb/HT5130
:: Riferimenti
Apple Security Advisory for OS X Lion v10.7.2 and Security Update
2012-001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5048
Apple Mailing List APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html
ISC SANS Critical OS X Vulnerability Patched
http://isc.sans.edu/diary.html?storyid=12502
Secunia
http://secunia.com/advisories/47843/
SecurityFocus
http://www.securityfocus.com/bid/51798
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3463
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTyvYpPOB+SpikaiRAQKe0wQAzQ91XZwi7GDu5j/vuSixfPZoh7HHHin/
8uLvlKquk3er8yWHXBDrQIFqiJ3MmBWe3d0mNZdukAsbqFUeoWjDCKeg9n/b2Qa7
lsvf/Rs07knQDfz8fY/Szyy6hyiCPQg/WvWRZp5GydBwT08XduFJBA/3ZZi2tacL
/iWKxgZGa3c=
=1RZ1
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12008
Data : 03 Febbraio 2012
Titolo : Apple OS X Lion v10.7.3 and Security Update 2012-001
******************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2012-001 che corregge
varie vulnerabilita' presenti nel sistema operativo Mac OS X
ed in alcune applicazioni distribuite insieme al sistema stesso.
Contemporaneamente e' stata rilasciata la versione 10.7.3
del sistema operativo OS X che risolve le stesse vulnerabilita'.
Per una descrizione completa delle vulnerabilita' consultare
la segnalazione ufficiale.
:: Software interessati
Mac OS X 10.6.8 e precedenti
Mac OS X Server 10.6.8 e precedenti
Mac OS X 10.7, 10.7.2 e precedenti
Mac OS X Server 10.7, 10.7.2 e precedenti
:: Impatto
Security Bypass
Cross Site Scripting
Spoofing
Privilege escalation
Denial of Service
Accesso al sistema
Esposizione dei dati del sistema
Esposizione di informazioni sensibili
:: Soluzione
Aggiornare Mac OS X alla versione 10.7.3
oppure applicare il Security Update 2012-001.
L'utilita' Software Update presentera' l'aggiornamento
piu' adatto alla configurazione in uso.
http://www.apple.com/support/downloads/
Mac OS X: Updating your software
http://support.apple.com/kb/HT5130
:: Riferimenti
Apple Security Advisory for OS X Lion v10.7.2 and Security Update
2012-001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5048
Apple Mailing List APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html
ISC SANS Critical OS X Vulnerability Patched
http://isc.sans.edu/diary.html?storyid=12502
Secunia
http://secunia.com/advisories/47843/
SecurityFocus
http://www.securityfocus.com/bid/51798
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3463
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTyvYpPOB+SpikaiRAQKe0wQAzQ91XZwi7GDu5j/vuSixfPZoh7HHHin/
8uLvlKquk3er8yWHXBDrQIFqiJ3MmBWe3d0mNZdukAsbqFUeoWjDCKeg9n/b2Qa7
lsvf/Rs07knQDfz8fY/Szyy6hyiCPQg/WvWRZp5GydBwT08XduFJBA/3ZZi2tacL
/iWKxgZGa3c=
=1RZ1
-----END PGP SIGNATURE-----