Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

ITS Advisory Number: 2013-089
Date(s) Issued: Friday, September 13, 2013
Subject: Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution
Overview: 

Multiple vulnerabilities exist in Apple's Mac OS X and Mac OS X Server that could allow remote code execution. Mac OS X and Mac OS X Server are operating systems for Apple computers. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file, including an email attachment, using a vulnerable version of OS X. Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Apple OS X 10.8 to 10.8.4
  • Apple OS X 10.7.5
  • Apple OS X Server 10.7.5
  • Apple OS X 10.6.8
  • Apple OS X Server 10.6.8
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: High
Description: 


Multiple vulnerabilities exist in Apple Mac OS X. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file.

The vulnerabilities are as follows:

CVE-2012-0883
CVE-2012-2687
CVE-2012-3499
CVE-2012-4558

CVE-2012-3817
CVE-2012-4244
CVE-2012-5166
CVE-2012-5688
CVE-2013-2266

CVE-2013-2020
CVE-2013-2021

CVE-2013-1025

CVE-2013-1026

CVE-2013-1027

CVE-2013-1028

CVE-2013-1029

CVE-2013-1030

CVE-2012-2686
CVE-2013-0166
CVE-2013-0169

CVE-2013-1635
CVE-2013-1643
CVE-2013-1824
CVE-2013-2110

CVE-2013-1899
CVE-2013-1900
CVE-2013-1901

CVE-2013-1031

CVE-2013-1032

CVE-2013-1033

CVE-2013-1775

Successful exploitation of some of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
References: 
Apple:
http://support.apple.com/kb/HT5880
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266