O'Grady's PowerPage

Tag: corruption

  • Apple releases Safari 7.0.6, 6.1.6, addresses WebKit security issues

    Apple_Safari

    On Wednesday, Apple released version 7.0.6 of its Safari web browser for OS X Mavericks and version 6.1.6 for its OS X Lion and Mountain Lion operating systems. The new version, features fixes for several WebKit-related security and memory corruption issues that could let attackers run arbitrary code on victim’s computers. The security issue could also cause app crashes.

    According to the security release notes, seven security issues were patches, all related to WebKit memory corruption. The notes state, “These issues were addressed through improved memory handling.”

    (more…)

  • Google Chrome updated to 27.0.1453.110

    google-chrome-logo

    It was updated again.

    And that’s not a bad thing.

    On Wednesday, Google released version 27.0.1453.110 of its Chrome web browser. The update, a 50.4 megabyte download, adds the following fixes and changes:
    – Medium CVE-2013-2855: Memory corruption in dev tools API.

    – High CVE-2013-2856: Use-after-free in input handling.

    – High CVE-2013-2857: Use-after-free in image handling.

    – High CVE-2013-2858: Use-after-free in HTML5 Audio.

    – High CVE-2013-2859: Cross-origin namespace pollution.

    – High CVE-2013-2860: Use-after-free with workers accessing database APIs.

    – High CVE-2013-2861: Use-after-free with SVG.

    – High CVE-2013-2862: Memory corruption in Skia GPU handling.

    – Critical CVE-2013-2863: Memory corruption in SSL socket handling.

    – High CVE-2013-2864: Bad free in PDF viewer.

    – High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.

    Google Chrome 27.0.1453.110 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

  • Google Chrome updated to 23.0.1271.64

    google-chrome-logo

    It’s the bug fixes that make a difference.

    Late Tuesday, Google released a beta of version 23.0.1271.64 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

    – Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.

    – High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.

    – [Mac OS only] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.

    – High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.

    – Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Groebert of the Google Security Team.

    – Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.

    – Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).

    – Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).

    – High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.

    – Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.

    – Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).

    – High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).

    Google Chrome 23.0.1271.64 requires an Intel-based Mac with Mac OS X 10.5 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

  • Microsoft pulls Office 2011 Service Pack 2 update, offers apology and workaround for Outlook database corruption bug

    Well, this is awkward.

    A little over a week after releasing an update to its Office 2011 for Mac, Microsoft has stopped pushing out auto-updates for Service Pack 2 over a flaw that corrupts identity databases in the company’s Outlook mail client.

    The announcement was made on Friday through the company’s Office blog, and notifies users that automatic updates for SP2 will be temporarily suspended while the company investigates the cause of the problem.

    From the post:
    “On April 12th, we released SP2 for Office for Mac 2011. The majority of our customers have been delighted with the improvements – new features and performance. Unfortunately, a small percentage are experiencing some issues with the update, specifically related to the Outlook for Mac database.”

    Five days after initially releasing SP2, Microsoft posted a workaround and apology to users affected by the update.

    The first workaround deals with those users who have yet to install the update, and calls for the rebuilding of Outlook’s database. The second, more comprehensive fix deals with those who already installed the patch and involves a complicated procedure to restore the database to working condition from an existing backup.

    Office 2011 for Mac users can still download SP2 through Microsoft’s website, though it is recommended that the workaround be implemented prior to installation.

    The SP2 update brought many enhancements for OS X Lion users like full-screen display modes and performance improvements.

    Stay tuned for additional details as they become available.

  • Google Chrome 5.0.375.99 released

    google-chrome-logo

    Google Chrome, Google’s new web browser, just reached version 5.0.375.99 for the Mac. The new version, an 25.4 megabyte download, offers the following the following changes:

    – Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined).

    – Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team.

    – High Memory corruption with invalid SVGs. Credit to Aki Hekin of OUSPG; wushi of team509.

    – High Memory corruption in bidi algorithm. Credit to wushi of team509.

    – Low Crash with invalid image. Credit to javg0x83.

    – High Memory corruption with invalid PNG (libpng bug). Credit to Aki Helin of OUSPG.

    – High Memory corruption in CSS style rendering. Credit to wushi of team509.

    – Low Annoyance with print dialogs. Credit to Mats Ahlgren.

    – Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.

    Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

    If you’ve played with it and have an opinion, let us know what you think in the comments.