Hi,
aus dem aktuellen Wochennewsletter von Securitytracker.com - irgendwer hat wohl mal "zu gründlich" auf die Maschinen geschaut *gg*
--- Beißkante ---
5. CUPS (Common UNIX Printing System)
Vendor: Apple Computer
A vulnerability was reported in CUPS on Mac OS X. A local user
can obtain potentially sensitive information.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2008/May/1020145.html
6. Apple ImageIO
Vendor: Apple Computer
Two vulnerabilities were reported in Mac OS X ImageIO. A local
user can view portions of system memory. A remote user can cause
arbitrary code to be executed on the target user's system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020144.html
7. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Apple Wiki Server. A remote
user can determine user names.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020143.html
8. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X Single Sign-On. A
local user can obtain passwords.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2008/May/1020142.html
9. Mac OS X
Vendor: Apple Computer
Two vulnerabilities were reported in Mac OS X Image Capture. A
local user can view files and obtain elevated privileges on the
target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020141.html
10. Apple Mail
Vendor: Apple Computer
A vulnerability was reported in Apple Mail. A remote user may
be able to execute arbitrary code on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020140.html
11. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X in the processing of
certain character encodings. A remote user can bypass content
filters.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2008/May/1020139.html
12. Apple Help Viewer
Vendor: Apple Computer
A vulnerability was reported in Apple Help Viewer. A remote
user can cause arbitrary code to be executed on the target user's
system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2008/May/1020138.html
13. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X CoreTypes. A user may
not be warned before opening certain unsafe file types.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2008/May/1020137.html
14. Apple CoreGraphics
Vendor: Apple Computer
A vulnerability was reported in Mac OS X CoreGraphics. A
remote user can cause arbitrary code to be executed on the target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2008/May/1020136.html
15. Apple CoreFoundation
Vendor: Apple Computer
A vulnerability was reported in Mac OS X CoreFoundation. A
user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2008/May/1020135.html
16. Apple CFNetwork
Vendor: Apple Computer
A vulnerability was reported in Mac OS X CFNetwork. A remote
user can obtain certificate information.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020134.html
17. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X Apple Type Services.
A remote user can cause arbitrary code to be executed on the target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2008/May/1020133.html
18. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X in the Pixlet codec.
A remote user can cause arbitrary code to be executed on the target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2008/May/1020132.html
19. Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Mac OS X. A remote user can
cause arbitrary code to be executed on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2008/May/1020131.html
20. Apple File Protocol (AFP)
Vendor: Apple Computer
A vulnerability was reported in the Mac OS X Apple File
Protocol (AFP) server. A remote user can view files that are not
designated for sharing.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2008/May/1020130.html
---
Ist einfach alles dabei, was sonst bei Windows bemängelt wird: Codeausführung über's Netz, ungewollte Codeausführung beim Lesen von Mail, Ausspähen von Dateien über's LAN, lokale User dürfen auch an Daten an die sie nicht dürfen, ...
Der einzige echte Vorteil: Solange der Marktanteil bei 5% liegt, macht sich keiner die Mühe die Möglichkeiten zu nutzen...
Ciao,
Detlev