Apple has shipped a new Mac OS X security update to fix 13 documented vulnerabilities, some serious enough to expose users to remote code execution attacks.
The patch includes fixes for security holes in several open-source components, including ClamAV and PHP.
Here's a quick look at the vulnerabilities and affected components.
CVE-2010-1808: A stack buffer overlow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
CVE-2010-1800: CFNetwork permits anonymous TLS/SSL connections. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue does not affect the Mail application. This issue is addressed by disabling anonymous TLS/SSL connections. This issue does not affect systems prior to Mac OS X v10.6.3.
ClamAV (CVE-ID: CVE-2010-0098, CVE-2010-1311): Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.1. ClamAV is distributed only with Mac OS X Server systems.
CVE-2010-1801: A heap buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
CVE-2010-1802: An issue exists in the handling of certificate host names. For host names containing three or more components, the last characters are not properly compared. In the case of a name containing exactly three components, only the last character is not checked. For example, if an attacker in a privileged network position could obtain a certificate for www.example.con the attacker can impersonate www.example.com.
PHP (CVE-2010-1205): A buffer overflow exists in PHP's libpng library. Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitary code execution.
PHP (CVE-2010-1129, CVE-2010-0397, CVE-2010-2225, CVE-2010-2531, CVE-2010-2484): PHP is updated to version 5.3.2 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution.
CVE-2010-2063: A buffer overflow exists in Samba. An unauthenticated remote attacker may cause a denial of service or arbitrary code execution by sending a maliciously crafted packet. This issue is addressed by performing additional validation of packets in Samba.
Security Update 2010-005 is available from the Mac OS X Software Update pane in System Preferences.