14 DAY TRIAL // Alongside Mac OS X 10.6.7, Apple has released Security Update 2011-001, the first such update from Cupertino this year, dedicated to patching various vulnerabilities in its Snow Leopard operating system.
A document that describes the security content of Mac OS X 10.6.7 and Security Update 2011-001, is now available on Apple’s Support site for those wondering what it was that needed to be addressed in Snow Leopard security-wise.
First of all, we would like to note that Security Update 2011-001 includes dozens of patches touching various core OS components; therefore, we can only focus on a few examples.
Such as the AirPort vulnerability affecting systems running Mac OS X v10.6 through v10.6.6, and Mac OS X Server v10.6 through v10.6.6, which allows an attacker on the same network to cause a system reset, when connected to Wi-Fi.
“A divide by zero issue existed in the handling of Wi-Fi frames,” reads Apple’s description of the bug. “When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset.”
The bug does not affect versions of Mac OS X that are older than 10.6, Apple says.
QuickLook, Apple’s powerful technology that provides an instant preview of the contents of your documents without ever opening them, was also flawed, according to Support document HT4581.
Also on Snow Leopard only, “Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution.” the bug is described.
Talking about the vulnerability more broadly, Apple reveals that a memory corruption in QuickLook's handling of Excel files may lead to an unexpected application termination or arbitrary code execution, should the user download a maliciously crafted Excel file.
Before you run off to download your latest updates, know that the Terminal application was also plagued by an issue on Snow Leopard when SSH is used in Terminal's "New Remote Connection" dialog.
Apparently, in such circumstances SSH version 1 was selected as the default protocol version. The issue is addressed by changing the default protocol version to "Automatic," Apple notes.