Monday, December 15, 2008

Mac OS X Update - 10.5.6

Apple has released an update for OS X - it addresses several severe security issues. 

Please run a Software Update and grab it today!

Security Issues addressed
  • Apple Type Services (ATS) server PDF embedded font handling issue (CVE-ID: CVE-2008-4236)
  • Arbitrary code execution in BOM (CVE-ID: CVE-2008-4217)
  • Heap buffer overflow in CoreGraphics' handling of color spaces (CVE-ID: CVE-2008-3623)
  • Possible user credential disclosure in Safari (CVE-ID: CVE-2008-3170)
  • Enhanced download validation capability, previously warnings were not displayed for all unsafe download content types, this allowed for arbitrary code/command execution (CVE-ID: CVE-2008-4234)
  • Multiple vulnerabilities in the Adobe Flash player plugin (CVE-IDs: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824)
  • Local privilege escalation issue due to integer overflows in the kernel's i386_get_ldt and i386_get_ldt system calls (affects Intel based machines only) (CVE-ID: CVE-2008-4218)
  • Infinite loop when an exception occurs in a program (or dylib) which resides on an NFS share (CVE-ID: CVE-2008-4219)
  • Integer overflow in the LibSystem inet_net_pton function -> this could affect any program which uses that function (CVE-ID: CVE-2008-4220)
  • Memory corruption issue in the strptime function of LibSystem (CVE-ID: CVE-2008-4221)
  • Multiple integer overflows in the strfmon function of LibSystem (CVE-ID: CVE-2008-1391)
  • Per host configuration in managed client system installs sometimes incorrectly identifies the system (CVE-ID: CVE-2008-4237)
  • natd infinite loop due to a maliciously crafted TCP packet -> only affects systems with the Internet Sharing service enabled (CVE-ID: CVE-2008-4222)
  • Authentication bypass in Podcast Producer (OS X server only) (CVE-ID: CVE-2008-4223)
  • Input validation issue when handling malformed UDF volumes, ISO files. Opening a malformed volume may cause an unexpected syustem shutdown. (CVE-ID: CVE-2008-4224)

Information from Apple here .

Note: All CVE IDs will be linked to their respective pages once they become available.

Wednesday, December 10, 2008

Snow Leopard

Just a quick note to let you all know that we're testing iAntiVirus on Snow Leopard, and apart from a minor installer issue there have been no problems so far! :)

iAntiVirus v1.3 - in testing

Hi everyone,

It's been quite a while since I've posted on this blog, but that's because I've been busy working on the next version of iAntVirus!  The upcoming version has interface improvements, a smaller footprint, and a number of under-the-hood enhancements which will allow really cool additions and new features further down the line... 

Here are some screenshots: