Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0192 Boot Camp 5.1 13 February 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Boot Camp Publisher: Apple Operating System: Windows 7 Windows 8 Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-1253 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-11-1 Boot Camp 5.1 Boot Camp 5.1 is now available and addresses the following: Boot Camp Available for: Macs running Boot Camp 5 Impact: Loading a malformed executable file may cause memory corruption in the kernel Description: A bounds checking issue existed in the AppleMNT.sys driver's parsing of Portable Executable files. If a Portable Executable file with a malformed header is loaded, this could cause a Boot Camp driver to corrupt kernel memory. The issue was addressed through improved bounds checking. CVE-ID CVE-2014-1253 : MJ0011 of 360 Security Center Boot Camp 5.1 may be obtained via Apple Software Update or from: http://support.apple.com/downloads/ Depending on your Mac model, the downloading file name is one of the following two: The download file name: BootCamp5.1.5621.zip Its SHA-1 digest: 72c71be259474836c17ddd400aca2218660b8aac The download file name: BootCamp5.1.5640.zip Its SHA-1 digest: 2998a7881509a87b22abc6764379c0a33b6ced3a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJS+rIpAAoJEPefwLHPlZEwM0gQAJ5Ffh3VoQKk/psQJN6ABJar SbijQfk9eILkiO/XDMwrLKmj0183VS1N+xGzLaZqC0wDjwwwUHOJHUGK02+rRPCf pI2NkZeaRJtGeSfC1LjDHbBhToJLY3JbGU8+NiZrWiFwcJMhyHvgcjWQwOvN2X9R jNiHvo5kTBXboaCwBU9NRvWXDmWbCeWPCsAr0WYOsyCMT4fms/2NtygjiregAGBO BL1kDf2BiF+1lcfGD/cQgOyYPrvOhBtIp6//5UhksFY2h90lHu7Dm6FTUKlUyTzh qKVSro4FL87OA2opuPwAOsbX/96XZEgHlHs2mOy2dGkDCZ2LF6KjWARanSIixBFV 2ARsj6ck+O9S+8KBVGEFBPPKN0fNZ7Irhivv/rR+w1AZLMsbLvdGdm4CarrMEogX daPXwiWnMNsWadMVMIeHpjdYprVw/vfIDCqBXwZfLnDeHxtHgMxyNx0uuXrBPDWu HjrB8Uo0/MSp55QyOSY4DLhQWVTC9mNc5CKcMmnmOQtH4niGyXc+D7k2pa7dKHPY NLggsaiNOKiTjUpcgGEOz191Q7vVDGpGCuV81C9k+AYMWToXnffGXYO62zk0NeIH 7sZ9feNCTZHLlFDF0v9KnnyXFLMTcgT0WXtw1RAcBY7UebcaBSS1ljyw45qGo+bA 3J/op5VbemkYblZScFvu =Dlmy - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUvwrAxLndAQH1ShLAQK+ng//ebtDDm8rqVUgTlIYRFirISfhsCAeatBy Csyp1ieHRq2c5kT4fFS17jyexLsJDHXFrTwXGkTQ6e1XMpnQHlKF0kSPVUldeKlo adIOBPfp2UxkSruaG1jNZbQCrZ1we9jVZ3olsbY/+S5M7h/bB4YVUpni749qJ2y1 lvSZuk6ART2mdEfCPsWELtSbTPJ7oYSJgTBK0TcF+CMkoGu5vGETZ5xc+NfmpNqj JYovDSdB7pRnlXh+QbZg493mb0a1xtwAW7B2iKMHS/8deVb8EopWhkf20FxuKfcW GYSXoBErm5gb1cYqCexb8siAz2nCoN8+FE2u74mBygb4+thp/JV69HSVtx5qv58B 0fSEg2nJgIK40KjSBp5mMcuRoOT1vNZaRvuCNd3fAhlJPk7dSH9F3P0Wb2XpdkH8 mpuTKBECHPzjZOskerK73bpG2NzoJqHBPyIWZGQs5i+uuo98/Tqk3kI1EZeUhxjl +fK9iUNyeISzjY06e+yKL9JIoy00wmYUChWwU1sVEg1W61vrYDxzWuptC043cBx5 fZYOIsYfp6Qtwacg+tWWA6Qf1yzZhrf2YKVPTcudmx9ivRy7CSeCApJEja7zZnF9 SWJRD1IN0kPnFOSpUONPPfNq/ZdMGrGorVHr5c7E1eaulGLn0lqg11TMVhb5p/cv Ig55j5MdItc= =XyMu -----END PGP SIGNATURE-----