This issue is addressed by updating freshclam’s launchd plist ProgramArguments key values. This may prevent virus definitions from being updated.
JAVA FOR MAC OS X 10.6.3 UPDATE
Impact: ClamAV virus definitions may not receive updatesĭescription: A configuration issue introduced in Security Update 2009-005 prevents freshclam from running. This issue is addressed by updating Apache to version 2.2.14. A remote attacker with the ability to issue requests through the proxy may be able to bypass access control restrictions specified in the Apache configuration. Impact: A remote attacker may be able to bypass access control restrictionsĭescription: An input validation issue exists in Apache’s handling of proxied FTP requests. Credit to Patrik Karlsson of for reporting this issue. This issue is addressed through improved handling of file paths. A remote user may enumerate the parent directory of the share root, and read or write files within that directory that are accessible to the ‘nobody’ user. Impact: A remote user with guest access to an AFP share may access the contents of world-readable files outside the Public shareĭescription: A directory traversal issue exists in the path validation for AFP shares. This issue is addressed through improved access control checks. Impact: When guest access is disabled, a remote user may be able to mount AFP shares as a guestĭescription: An access control issue in AFP Server may allow a remote user to mount AFP shares as a guest, even if guest access is disabled. Credit to Michael Kisor of for reporting this issue.Īvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2 This issue does not affect Mac OS X v10.6 systems. The issue is addressed through improved handling of Firewall rules. Impact: Certain rules in the Application Firewall may become inactive after restartĭescription: A timing issue in the Application Firewall may cause certain rules to become inactive after reboot. This issue is addressed through improved bounds checking.
JAVA FOR MAC OS X 10.6.3 CODE
Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution.
Impact: Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code executionĭescription: A buffer overflow exists in the spell checking feature used by Cocoa applications. The issues range from buffer flow errors that could allow the bad guys to take over your Mac to an issue that could allow an unauthorized user to publish something through the Wiki engine built into Mac OS X.Īvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
In addition to the many bug fixes and other improvements, the update also includes no fewer than 69 security fixes, many of which fall in the category of serious issues. Apple released Mac OS X 10.6.3 earlier Monday.