Directory Service
Impact: A remote attacker may execute arbitrary code with system privileges on systems with Directory Service enabled
Description: An issue existed in the directory server's handling of messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion or OS X Mountain Lion systems.
OpenSSL
Impact: An attacker may be able to decrypt data protected by SSL
Description: There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. This issue was addressed by disabling compression in OpenSSL.
OpenSSL
Impact: Multiple vulnerabilities in OpenSSL
Description: OpenSSL was updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key. Further information is available via the OpenSSL website at http://www.openssl.org/news/
QuickTime
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking.
QuickTime
Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking.
QuickTime
Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking.
Ruby
Impact: Multiple vulnerabilities in Ruby on Rails
Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. These issues may affect OS X Lion or OS X Mountain Lion systems that were upgraded from Mac OS X 10.6.8 or earlier. Users can update affected gems on such systems by using the /usr/bin/gem utility.
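
The following shell check is an added example, not part of Apple's advisory: it reads `gem list` output and reports Rails-family gem versions below the fixed 2.3.18 release, so an administrator of an upgraded system can see which gems still need updating. The gem name list, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Apple's code): list Rails-family gems older than 2.3.18.
FIXED="2.3.18"   # fixed Ruby on Rails release named in the advisory
# Assumption: these are the gems that make up a Rails 2.3 install.
RAILS_GEMS="rails actionmailer actionpack activerecord activeresource activesupport"

# Constructed sample of `gem list --local` output, for offline runs.
SAMPLE='*** LOCAL GEMS ***

actionpack (2.3.5, 2.2.2)
activesupport (2.3.18)
rails (2.3.18, 2.3.5)
rake (0.8.7)'

# version_lt A B: succeeds when dotted numeric version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "lower"
    }' </dev/null
}

# outdated_rails_gems: reads `gem list` output on stdin and prints
# "name version" for every Rails-family gem version below $FIXED.
outdated_rails_gems() {
    while read -r name versions; do
        case " $RAILS_GEMS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        # "(2.3.5, 2.2.2)" -> "2.3.5 2.2.2"
        for v in $(printf '%s' "$versions" | tr -d '(),'); do
            if version_lt "$v" "$FIXED"; then
                echo "$name $v"
            fi
        done
    done
    return 0
}

# On a real system: /usr/bin/gem list --local | outdated_rails_gems
printf '%s\n' "$SAMPLE" | outdated_rails_gems
```

Old versions of a gem stay installed alongside newer ones, which is why the check reports every listed version rather than only the highest.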