CVE-2010-1752
IT Security Geeks would like to congratulate Neil Fryer for discovering a stack overflow vulnerability in Apple’s OS X CFNetwork.
The following is taken from the Apple Security update site:
CFNetwork
CVE-ID: CVE-2010-1752
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A stack overflow exists in CFNetwork’s URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.