keine sicherheitslücken???
sorry ... aber ... du scheinst von der materie sicherheit und computer wenig ahnung zu haben :(
nur eine kurze liste
the Month of Apple Bugs
31 "Unspecified Kernel Remote Fun" Pull the plug, beware of evil RF. Coming soon. CVE-2007-0586
30 Multiple Apple Software Format String Vulnerabilities Apple Help Viewer, Safari, iMovie and iPhoto are affected by multiple format string vulnerabilities, related to certain functions from AppKit that have been documented in previous releases. Not required. CVE-NO-NAME
29 Apple iChat Bonjour Multiple Denial of Service Vulnerabilities Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS. MOAB-29-01-2007.rb CVE-NO-NAME
28 Apple crashdump Privilege Escalation Vulnerability crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. MOAB-28-01-2007.rb CVE-2007-0467
27 Telestream Flip4Mac WMV Parsing Memory Corruption Vulnerability Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. MOAB-27-01-2007.wmv CVE-2007-0466
26 Apple Installer Package Filename Format String Vulnerability Apple Installer fails to properly handle package filename strings. It's a affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution. Not necessary CVE-2007-0465
25 Apple CFNetwork HTTP Response Denial of Service CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition. MOAB-25-01-2007.rb
MOAB-25-01-2007.c CVE-2007-0464
24 Apple Software Update Catalog Filename Format String Vulnerability Software Update fails to properly handle the filename strings containing the swutmp extension. It's a affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution. Not necessary. CVE-2007-0463
23 Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. MOAB-23-01-2007.pct CVE-2007-0462
22 Apple UserNotificationCenter Privilege Escalation Vulnerability UserNotificationCenter retains wheel privileges on execution time, and still has a UID associated with the current user. Because of this, it> will attempt to run any InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. MOAB-22-01-2007.rb CVE-2007-0023
21 System Preferences writeconfig Local Privilege Escalation Vulnerability The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. MOAB-21-01-2007.rb CVE-2007-0022
20 Apple iChat aim:// URL Handler Format String Vulnerability Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. MOAB-20-01-2007.html CVE-2007-0021
19 Transmit.app ftps:// URL Handler Heap Buffer Overflow Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. MOAB-19-01-2007.html CVE-2007-0020
18 Rumpus Multiple Vulnerabilities rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues. MOAB-18-01-2007.rb CVE-2007-0019
17 Apple SLP Daemon Service Registration Buffer Overflow Vulnerability slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges. MOAB-17-01-2007.rb CVE-2007-0355
16 Multiple Colloquy IRC Format String Vulnerabilities Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution. MOAB-16-01-2007.rb CVE-2007-0344
15 Multiple Mac OS X Local Privilege Escalation Vulnerabilities Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation. MOAB-15-01-2007.rb CVE-2007-0345
14 AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users. MOAB-14-01-2007.c CVE-2007-0236
13 Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability A specially crafted HFS+ filesystem in a DMG image can cause the do_hfs_truncate() function to panic the kernel (denial of service), when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+ filesystems corruption. MOAB-13-01-2007.dmg.gz CVE-2006-5482 (similar old issue, UFS-based)
12 Apple DMG UFS ufs_lookup() Denial of Service Vulnerability A specially crafted UFS filesystem in a DMG image can cause the ufs_lookup() function to call ufs_dirbad() when a corrupted directory entry is being read, leading to a kernel panic (denial of service). This issue can't be abused for remote code execution. MOAB-12-01-2007.dmg.gz CVE-2007-0267
MOAB-11-01-2007
11 Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability The byte_swap_sbin() function, one of the UFS byte swapping routines (this code isn't present in FreeBSD and it's Mac OS X XNU-specific; used for compatibility of filesystem streams between little and big-endian systems) is affected by a integer overflow vulnerability, leading to an exploitable denial of service condition. MOAB-11-01-2007.dmg.gz CVE-2007-0299
MOAB-10-01-2007
10 Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution. MOAB-10-01-2007.dmg.gz CVE-2006-5679
MOKB-03-11-2006
MOKB-08-11-2006
9 Apple Finder DMG Volume Name Memory Corruption Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. MOAB-09-01-2007.rb
MOAB-09-01-2007.dmg CVE-2007-0197
8 Application Enhancer (APE) Local Privilege Escalation Application Enhancer (APE) is affected by a local privilege escalation vulnerability which allows local users to gain root privileges. exploit-of-the-apes.rb CVE-2007-0162
7 OmniWeb Javascript alert() Format String Vulnerability OmniWeb is affected by a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution. MOAB-07-01-2007.html CVE-2007-0148
6 Multiple Vendor PDF Document Catalog Handling Vulnerability The current PDF specification is affected by a design flaw, a rogue Pages entry or malicious catalog dictionary could cause a denial of service (memory corruption condition, memory leakage, etc) or potential arbitrary code execution in the reader application. MOAB-06-01-2007.pdf CVE-2007-0104
CVE-2007-0103
CVE-2007-0102
5 Apple DiskManagement BOM Local Privilege Escalation Vulnerability A vulnerability in the handling of BOM files by DiskManagement/diskutil allows to set rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. MOAB-05-01-2007.rb
MOAB-05-01-2007_cron.rb CVE-2007-0117
4 iLife iPhoto Photocast XML title Format String Vulnerability A format string vulnerability in the handling of iPhoto XML feeds title field allows potential remote arbitrary code execution. MOAB-04-01-2007.rb CVE-2007-0051
3 Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability A vulnerability in the handling of the HREFTrack field allows to perform cross-zone scripting, leading to potential remote arbitrary code execution. MOAB-03-01-2007.rb CVE-2007-0059
2 VLC Media Player udp:// Format String Vulnerability A vulnerability in the handling of the udp:// URL handler allows remote arbitrary code execution. VLCMediaSlayer-x86.pl
VLCMediaSlayer-ppc.pl CVE-2007-0017
1 Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution. MOAB-01-01-2007.rb CVE-2007-0015