Re: Today's OS X Security Update & ColorSync
Re: Today's OS X Security Update & ColorSync
- Subject: Re: Today's OS X Security Update & ColorSync
- From: Martin Orpen <email@hidden>
- Date: Wed, 26 Jan 2005 00:40:06 +0000
on 26/1/05 12:35 am, Gary Smith wrote:
> Does anyone have any info about today's Security Update for OS X
> 10.3.7 & 10.2.8? I'm curious as to what the vulnerability that
> involved ColorSync was (is).
Read the documentation:
> ▪ Component: ColorSync
> Available for: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8,
> Mac OS X Server v10.2.8
> CVE-ID: CAN-2005-0126
> Impact: Malformed ICC color profiles could overwrite the program heap,
> resulting in arbitrary code execution.
> Description: An out-of-specification or improperly embedded ICC color profile
> could overwrite the program heap and allow arbitrary code execution. There are
> no known exploits for this issue. With this update, ColorSync will reject
> incorrectly-formed ICC color profiles.
>
<http://docs.info.apple.com/article.html?artnum=300770>
--
Martin Orpen
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Colorsync-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden