N/A

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.

N/A

N/A

Apple Mac OS X ‘libsecurity’ 输入验证漏洞

Apple Mac OS X是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。 Apple Mac OS X 10.7.2之前版本中的libsecurity中存在输入验证漏洞。由于在Certificate Revocation list (CRL)中的不标准插件处理过程中不能准确处理错误，远程攻击者可借助特制的（1）web站点或（2）邮件消息执行任意代码，或导致拒绝服务（应用程序崩溃）。

N/A

N/A