Home / mailings APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
Posted on 06 January 2011
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
Mac OS X v10.6.6 is now available and addresses the following:
PackageKit
CVE-ID: CVE-2010-4013
Available for: Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact: A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description: A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.
Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9
For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151
For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2
For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
