Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > April 2005 > Apple - Security Update 2005-004 [APPLE-SA-2005-04-19 ]

April 2005

Apple - Security Update 2005-004 [APPLE-SA-2005-04-19 ]

ID: 00336
Ref: 310/2005
Date: 20 April 2005:17:05:33
Version: 1
Title: Apple - Security Update 2005-004 [APPLE-SA-2005-04-19 ]
Abstract: A buffer overflow in iSync could lead to local privilege escalation
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple

Title
=====
Apple - Security Update 2005-004 [APPLE-SA-2005-04-19 ]

Detail
======


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-04-19 Security Update 2005-004

Security Update 2005-004 is now available and delivers the following
security enhancement:

iSync
Available for: iSync 1.5
CVE-ID: CAN-2005-0193
Impact: A buffer overflow in iSync could lead to local privilege
escalation
Description: The iSync helper tool mRouter contains a buffer
overflow vulnerability. This could result in the execution of
arbitrary commands as root by local system users. Security Update
2005-004 fixes this problem by providing a patched version of
mRouter. iSync 1.4 is also affected by this vulnerability, and
customers are encouraged to update to the freely available iSync 1.5
version, then apply Security Update 2005-004. Credit to Braden
Thomas for reporting this issue.

Security Update 2005-004 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-004Pan.dmg"
Its SHA-1 digest is: 5ef91d98b43ff8d139b2b18782487fc5d13eb21a

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQmWOkJyw5owIz4TQAQK5yAf+ONkSVIQ+r2h6rCtdQjaRzJq3kBlxyLSK
e8SYG+ptqM7u+T5awi1JUnF/yv7Mo1sdr3swcYEagWUmanKAZqeznq1Wzz25y8ci
vsVrWcO6Vm2w34eYg3+pjdGekQAL4E7YUtjZHf7S8sTjBwrPPB4tNsyUqv03vN/c
EDvPYdn6oBPHaTcvquDXJG/z8poM6jeBrwfMJ5p2lx4nLDKRRSqccSQfp7hMXrMf
qX7aFyD5TB+qJaJmv0zo1/cCOgopkhl/N5KOqGyAkyPSFfMqSRhx33UsRtq4JycZ
vsdghRIzL6oDbVq+VjFPqUlTOdOgwpLFnYDxHaTs+mvk2GhnmftVlA==
=TusL
- -----END PGP SIGNATURE-----


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |