| Apple Product/Version | CVE # | Date Reported/Disclosed (D) | Date Patch Issued | Days to Patch | Vulnerable System/Software Component |
|---|---|---|---|---|---|
| QuickTime 7.0.4 | CVE-2005-2340 | 12/12/2005 | 1/10/2006 | 29 | Heap-based buffer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3707 | 11/28/2005 | 1/10/2006 | 43 | Buffer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3708 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3709 | 11/28/2005 | 1/10/2006 | 43 | Integer underflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3710 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3711 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-3713 | 10/31/2005 | 1/10/2006 | 71 | Heap-based buffer overflow in Apple Quicktime before 7.0.4 |
| QuickTime 7.0.4 | CVE-2005-4092 | 11/17/2005 | 1/10/2006 | 54 | Multiple heap-based buffer overflows QuickTime Player 7.0.3 & iTunes 6.0.1 (3) |
| Security Update 2006-001 | CVE-2006-0384 | 2/19/2006(D) | 3/1/2006 | 10 | automount in Mac OS X 10.4.5 |
| Security Update 2006-001 | CVE-2005-3706 | Withheld by researcher | 3/1/2006 | | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 |
| Security Update 2006-001 | CVE-2006-0395 | Internal/Not Credited | 3/1/2006 | | Download Validation in Mail in Mac OS X 10.4 |
| Security Update 2006-001 | CVE-2005-4504 | Internal/Not Credited | 3/1/2006 | | KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari |
| Security Update 2006-001 | CVE-2006-0387 | Internal/Not Credited | 3/1/2006 | | Stack-based buffer overflow in Safari |
| Security Update 2006-001 | CVE-2006-0388 | Internal/Not Credited | 3/1/2006 | | Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 |
| Security Update 2006-001 | CVE-2006-0848 | 2/22/2006(D) | 3/1/2006 | 9 | "Open 'safe' files after downloading" option in Safari on Apple Mac OS X |
| Security Update 2006-001 | CVE-2006-0389 | Internal/Not Credited | 3/1/2006 | | Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) |
| Security Update 2006-001 | N/A | 2/13/2006(D) | 3/1/2006 | 16 | Patch to fix iChat weakness exploited by OS X/Leap Worm |
| Security Update 2006-002 | CVE-2006-0396 | 3/4/2006 | 3/13/2006 | 9 | Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5 |
| Security Update 2006-002 | CVE-2006-0397 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 |
| Security Update 2006-002 | CVE-2006-0398 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 |
| Security Update 2006-002 | CVE-2006-0399 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 |
| QuickTime 7.1 | CVE-2006-1458 | Internal/Not Credited | 5/11/2006 | | Integer overflow in Apple QuickTime Player before 7.1 |
| QuickTime 7.1 | CVE-2006-1459 | 2/11/2006 | 5/11/2006 | 89 | Multiple integer overflows in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1460 | 2/11/2006 | 5/11/2006 | 89 | Multiple buffer overflows in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1461 | 2/11/2006 | 5/11/2006 | 89 | Multiple buffer overflows in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1462 | 2/11/2006 | 5/11/2006 | 89 | Multiple integer overflows in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1463 | 2/11/2006 | 5/11/2006 | 89 | Heap-based buffer overflow in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1464 | 2/11/2006 | 5/11/2006 | 89 | Buffer overflow in Apple QuickTime before 7.1 allows |
| QuickTime 7.1 | CVE-2006-1249 | 3/7/2006 | 5/11/2006 | 65 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 |
| QuickTime 7.1 | CVE-2006-1465 | 2/11/2006 | 5/11/2006 | 90 | Buffer overflow in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1453 | 2/11/2006 | 5/11/2006 | 90 | Stack-based buffer overflow in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-1454 | 2/11/2006 | 5/11/2006 | 90 | Heap-based buffer overflow in Apple QuickTime before 7.1 |
| QuickTime 7.1 | CVE-2006-2238 | Internal/Not Credited | 5/11/2006 | | Heap-based buffer overflow in Apple QuickTime before 7.1 |
| Security Update 2006-003 | CVE-2006-1982 | 4/3/2006(D) | 5/11/2006 | 37 | Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, |
| Security Update 2006-003 | CVE-2006-1983 | 4/19/2006(D) | 5/11/2006 | 22 | Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier |
| Security Update 2006-003 | CVE-2006-1984 | 4/19/2006(D) | 5/11/2006 | 22 | Unspecified vulnerability in the _cg_TIFFSetField function |
| Security Update 2006-003 | CVE-2006-1985 | 4/19/2006(D) | 5/11/2006 | 22 | Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 |
| Security Update 2006-003 | CVE-2006-1440 | Internal/Not Credited | 5/11/2006 | | BOM in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1441 | Internal/Not Credited | 5/11/2006 | | Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 |
| Security Update 2006-003 | CVE-2006-1614 | 4/6/2006(D) | 5/11/2006 | 34 | Clam AntiVirus |
| Security Update 2006-003 | CVE-2006-1615 | 4/4/2006 | 5/11/2006 | 36 | Clam AntiVirus |
| Security Update 2006-003 | CVE-2006-1630 | 4/4/2006 | 5/11/2006 | 36 | Clam AntiVirus |
| Security Update 2006-003 | CVE-2006-1442 | Internal/Not Credited | 5/11/2006 | | CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1443 | Internal/Not Credited | 5/11/2006 | | Integer underflow in CoreFoundation |
| Security Update 2006-003 | CVE-2006-1448 | Internal/Not Credited | 5/11/2006 | | Finder in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1445 | Internal/Not Credited | 5/11/2006 | | Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1552 | 3/28/2006(D) | 5/11/2006 | 43 | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 |
| Security Update 2006-003 | CVE-2006-1447 | Internal/Not Credited | 5/11/2006 | | LaunchServices in Apple Mac OS X 10.4.6 allo |
| Security Update 2006-003 | CVE-2005-4077 | 12/7/2005 | 5/11/2006 | 155 | Multiple off-by-one errors in the cURL library |
| Security Update 2006-003 | CVE-2006-1449 | Internal/Not Credited | 5/11/2006 | | Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1450 | Internal/Not Credited | 5/11/2006 | | Mail in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1452 | Internal/Not Credited | 5/11/2006 | | Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 |
| Security Update 2006-003 | CVE-2006-1456 | 3/13/2006 | 5/11/2006 | 59 | Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 |
| Security Update 2006-003 | CVE-2006-1457 | Internal/Not Credited | 5/11/2006 | | Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" |
| Mac OS X 10.4.7 Update | CVE-2006-1989 | 4/29/2006 | 6/27/2006 | 59 | Freshclam in ClamAV |
| Mac OS X 10.4.7 Update | CVE-2006-1469 | Internal/Not Credited | 6/27/2006 | | Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 |
| iTunes 6.0.5 | CVE-2006-1467 | 4/7/2006 | 6/29/2006 | 83 | Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 |
| Security Update 2006-004 | CVE-2006-1473 | 7/17/2006 | 8/1/2006 | 15 | Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 |
| Security Update 2006-004 | CVE-2006-3459 | 7/17/2006 | 8/1/2006 | 15 | Multiple stack-based buffer overflows in the TIFF library |
| Security Update 2006-004 | CVE-2006-3461 | 7/17/2006 | 8/1/2006 | 15 | Heap-based buffer overflow in the PixarLog decoder in the TIFF library |
| Security Update 2006-004 | CVE-2006-3462 | 7/17/2006 | 8/1/2006 | 15 | Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library |
| Security Update 2006-004 | CVE-2006-3465 | 7/17/2006 | 8/1/2006 | 15 | Unspecified vulnerability in the custom tag support for the TIFF library |
| Security Update 2006-004 | CVE-2006-3497 | 2/21/2006 | 8/1/2006 | 161 | Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 |
| Security Update 2006-004 | CVE-2006-3498 | Internal/Not Credited | 8/1/2006 | | Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 |
| Security Update 2006-004 | CVE-2005-2335 | 7/21/2005 | 8/1/2006 | 376 | Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 |
| Security Update 2006-004 | CVE-2005-3088 | 10/21/2005 | 8/1/2006 | 284 | fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 |
| Security Update 2006-004 | CVE-2005-4348 | 12/19/2005 | 8/1/2006 | 225 | fetchmail before 6.3.1 and before 6.2.5.5 |
| Security Update 2006-004 | CVE-2006-0321 | 1/22/2006 | 8/1/2006 | 191 | fetchmail 6.3.0 and other versions before 6.3.2 |
| Security Update 2006-004 | CVE-2006-0392 | Internal/Not Credited | 8/1/2006 | | Buffer overflow in Apple Mac OS X 10.4.7 |
| Security Update 2006-004 | CVE-2006-3501 | Internal/Not Credited | 8/1/2006 | | Integer overflow in ImageIO for Apple Mac OS X 10.4.7 |
| Security Update 2006-004 | CVE-2006-3502 | Internal/Not Credited | 8/1/2006 | | Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 |
| Security Update 2006-004 | CVE-2006-3503 | 5/9/2006 | 8/1/2006 | 84 | Integer overflow in ImageIO in Apple Mac OS X 10.4.7 |
| Security Update 2006-004 | CVE-2006-3504 | Internal/Not Credited | 8/1/2006 | | The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 |
| Security Update 2006-004 | CVE-2006-3505 | 3/27/2006 | 8/1/2006 | 127 | WebKit in Apple Mac OS X 10.3.9 and 10.4.7 |
| Xsan Filesystem 1.4 | CVE-2006-3506 | Withheld by researcher | 8/17/2006 | | Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 |
| QuickTime 7.1.3 | CVE-2006-4381 | 5/6/2006 | 9/12/2006 | 129 | Integer overflow in Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4386 | 6/12/2006 | 9/12/2006 | 92 | Integer overflow in Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4382 | 6/12/2006 | 9/12/2006 | 92 | Multiple buffer overflows in Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4384 | 8/16/2006 | 9/12/2006 | 27 | Heap-based buffer overflow in Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4388 | 6/12/2006 | 9/12/2006 | 92 | Integer overflow in Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4389 | 6/12/2006 | 9/12/2006 | 92 | Apple QuickTime before 7.1.3 |
| QuickTime 7.1.3 | CVE-2006-4385 | 6/12/2006 | 9/12/2006 | 92 | Buffer overflow in Apple QuickTime before 7.1.3 |
| AirPort Update 2006-001 | CVE-2006-3507 | Internal/Not Credited | 9/21/2006 | | Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 |
| AirPort Update 2006-001 | CVE-2006-3508 | Internal/Not Credited | 9/21/2006 | | Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 |
| AirPort Update 2006-001 | CVE-2006-3509 | Internal/Not Credited | 9/21/2006 | | Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 |
| Mac OS X 10.4.8 Update | CVE-2006-4391 | 8/1/2006 | 9/29/2006 | 59 | Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 |
| Mac OS X 10.4.8 Update | CVE-2006-4395 | Internal/Not Credited | 9/29/2006 | | Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 |
| Mac OS X 10.4.8 Update | CVE-2006-3946 | 5/9/2006(D) | 9/29/2006 | 143 | WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 |
| Xcode Tools 2.4.1 | CVE-2006-4146 | 8/28/2006 | 10/31/2006 | 64 | Buffer overflow in the (1) DWARF |
| Security Update 2006-007 | CVE-2006-5710 | 11/11/2006(D) | 11/28/2006 | 17 | The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, |
| Security Update 2006-007 | CVE-2006-4400 | Internal/Not Credited | 11/28/2006 | | Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 |
| Security Update 2006-007 | CVE-2006-4402 | Internal/Not Credited | 11/28/2006 | | Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 |
| Security Update 2006-007 | CVE-2006-4334 | 8/29/2006 | 11/28/2006 | 91 | Unspecified vulnerability in gzip 1.3.5 |
| Security Update 2006-007 | CVE-2006-4335 | 8/29/2006 | 11/28/2006 | 91 | Array index error in the make_table function |
| Security Update 2006-007 | CVE-2006-4336 | 8/29/2006 | 11/28/2006 | 91 | Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 |
| Security Update 2006-007 | CVE-2006-4337 | 8/29/2006 | 11/28/2006 | 91 | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 |
| Security Update 2006-007 | CVE-2006-4338 | 8/29/2006 | 11/28/2006 | 91 | unlzh.c in the LHZ component in gzip 1.3.5 |
| Security Update 2006-007 | CVE-2006-4404 | Internal/Not Credited | 11/28/2006 | | Installer application in Apple Mac OS X 10.4.8 and earlier, |
| Security Update 2006-007 | CVE-2005-3962 | 12/1/2005 | 11/28/2006 | 362 | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 |
| Security Update 2006-007 | CVE-2006-1490 | 3/28/2006 | 11/28/2006 | 245 | PHP before 5.1.3-RC1 |
| Security Update 2006-007 | CVE-2006-1990 | 4/24/2006(D) | 11/28/2006 | 218 | PHP before 5.1.3-RC1 |
| Security Update 2006-007 | CVE-2006-5465 | 11/2/2006 | 11/28/2006 | 26 | Buffer overflow in PHP before 5.2.0 |
| Security Update 2006-007 | CVE-2006-4406 | 9/14/2006 | 11/28/2006 | 75 | Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 |
| Security Update 2006-007 | CVE-2006-4412 | 9/5/2006 | 11/28/2006 | 84 | WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 |

Average Time to Patch: 82 days