- Unexpected (mariothedog) Mac Os X
- Unexpected (mariothedog) Mac Os Update
- Unexpected (mariothedog) Mac Os Download
This document describes the security content of OS X Lion v10.7.2 and Security Update 2011-006, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
The Unexpected Quest. All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews 0 in Group Chat View Stats. Adventure game with strategy and management elements in a medieval fantasy setting - drawing inspiration from classics such as Warcraft 3 and The Settlers. Unexpected restarts are usually caused by software installed on your Mac, or by devices connected to your Mac. If the issue causes your Mac to restart every time it attempts to start up, your Mac might eventually shut down. Use the steps below to check the software and hardware on your Mac. This error message is the OS's way to saying that your MBP is having a problem managing resources. In other words, one or more application that either conflict or there's too much activity for your computer to handle at once. This message has happened to most users. How do you fix this?
- Question or issue on macOS: I wrote a simple program solving the Readers-Writers problem using semaphores. It runs perfectly on Linux os, but when I run it on my Mac osX I get unexpected results and I can't figure out why. My Program: #include #include #include #include #include void. function1(void. val); void. function2(void. val); //.
- This will never be returned on Mac OS X, because a root control is created automatically if it doesn't already exist the first time any non-root control is created in a window. ErrControlsAlreadyExist = -30589.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
OS X Lion v10.7.2 and Security Update 2011-006
Apache
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/
CVE-ID
CVE-2011-0419
CVE-2011-3192
Application Firewall
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges
Description: A format string vulnerability existed in Application Firewall's debug logging.
CVE-ID
CVE-2011-0185 : an anonymous reporter
ATS
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3437
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0229 : Will Dormann of the CERT/CC
ATS
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the ATSFontDeactivate API.
CVE-ID
CVE-2011-0230 : Steven Michaud of Mozilla
BIND
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in BIND 9.7.3
Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3.
CVE-ID
CVE-2011-1910
CVE-2011-2464
BIND
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in BIND
Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
CVE-ID
CVE-2009-4022
CVE-2010-0097
CVE-2010-3613
CVE-2010-3614
CVE-2011-1910
CVE-2011-2464
Unexpected (mariothedog) Mac Os X
Certificate Trust Policy
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.
Impact: Root certificates have been updated
Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Safari may store cookies it is not configured to accept
Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage.
CVE-ID
CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell
CFNetwork
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.
CVE-ID
CVE-2011-0259 : Apple
CoreMedia
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site
Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.
CVE-ID
CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
CoreMedia
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems.
CVE-ID
CVE-2011-0224 : Apple
CoreProcesses
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access to a system may partially bypass the screen lock
Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp
CoreStorage
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Converting to FileVault does not erase all existing data
Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Judson Powers of ATC-NY
File Systems
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the 'Continue' button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user.
CVE-ID
CVE-2011-3213 : Apple
IOGraphics
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: A person with physical access may be able to bypass the screen lock
Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3214 : Apple
iChat Server
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately
Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests.
CVE-ID
CVE-2011-1755
Kernel
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A person with physical access may be able to access the user's password
Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in.
CVE-ID
CVE-2011-3215 : Passware, Inc.
Kernel
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: An unprivileged user may be able to delete another user's files in a shared directory
Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit.
CVE-ID
CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension.
CVE-ID
CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Mailman 2.1.14
Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0707
MediaKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems.
CVE-ID
CVE-2011-3217 : Apple
Open Directory
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Any user may read another local user's password data
Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: An authenticated user may change that account's password without providing the current password
Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A user may be able to log in without a password
Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale
PHP
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/
CVE-ID
CVE-2011-0226
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in libpng 1.4.3
Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
PHP
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in PHP 5.3.4
Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/
CVE-ID
CVE-2010-3436
CVE-2010-4645
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1092
CVE-2011-1153
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
postfix
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Postfix
Description: Postfix is updated to version 2.5.14 to address multiple vulnerabilities, the most serious of which may allow an attacker in a privileged network position to manipulate the mail session to obtain sensitive information from the encrypted traffic. These issues should not affect OS X Lion systems. More information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html
CVE-ID
CVE-2011-0411
CVE-2011-1720
python
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in python
Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/
CVE-ID
CVE-2010-1634
CVE-2010-2089
CVE-2011-1521
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime Player's 'Save for Web' export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative
Unexpected (mariothedog) Mac Os Update
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents
Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
Unexpected (mariothedog) Mac Os Download
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SMB File Server
Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: A guest user may browse shared folders
Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3225
Tomcat
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Tomcat 6.0.24
Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/
CVE-ID
CVE-2010-1157
CVE-2010-2227
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
CVE-2011-0534
User Documentation
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution
Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3224 : Aaron Sigel of vtty.com and Brian Mastenbrook
Web Server
Available for: Mac OS X Server v10.6.8
Impact: Clients may be unable to access web services that require digest authentication
Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
X11
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
Impact: Multiple vulnerabilities in libpng
Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692