2012-001 v1.1 3 patches removed/security implications?
Besides finding out if this fixes all the problems for any PPC app affected, what I still want to know is: since v1.1 reportedly removed the patches in the original for the three ImageIO vulnerabilities as the fix for the Rosetta problem, doesn't that leave us wide open now for those exploits? These looked kind of nasty. Nothing like having a little information about what's going on.
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
-------------
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is addressed by updating libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
-------------
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact: Multiple vulnerabilities in libpng 1.5.4
Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html