Apple released OS X Lion v10.7.3 and the Security Update 2012-001 to address some vulnerabilities in various components.
All the fixes are important, but these can have a direct negative effect on your personal privacy and security because they can be very easily exploited:
- Address book – An attacker in a privileged network position may intercept CardDAV data
- Apache web server – An attacker may be able to decrypt data protected by SSL and other vulnerabilities
- CFNetwork – Visiting a maliciously crafted website may lead to the disclosure of sensitive information
- Data Security – An attacker with a privileged network position may intercept user credentials or other sensitive information
- Internet Sharing – A Wi-Fi network created by Internet Sharing may lose security settings after a system update
- Time Machine – A remote attacker may access new backups created by the user’s system
- WebDAV Sharing – Local users may obtain system privileges
For a full list of the addressed vulnerabilities and the products which are affected please check Apple Security Updates web site: http://support.apple.com/kb/HT1222 .
Sorin Mustaca
Leave a reply
