
June 30th, 2008

Apple plugs 25 Mac OS X security vulnerabilities

Posted by Ryan Naraine @ 2:10 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Denial of Service (DoS), Kernel-level Exploits, Locally Running Web Servers, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research

Tags: Security, Apple Macintosh, Apple Inc., Arbitrary Code Execution, Small And Medium Business, Apache Tomcat, Application Termination, Apple Mac OS X, Apple Mac OS, Smb/Sme

Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks.

With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit.

It also incorporates fixes for six highly critical — and previously disclosed — vulnerabilities in Ruby, the popular open-source scripting language.  The update also sees a major Tomcat patch that addresses nine  vulnerabilities, the most serious of which may lead to a cross-site scripting attack.

Here’s the skinny from Apple’s security bulletin:

Alias Manager (CVE-2008-2308):  A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution.  This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.

CoreTypes (CVE-2008-2309):  This update adds .xht and .xhtm files to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload.

c++filt (CVE-2008-2310): A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution.  This issue does not affect systems prior to Mac OS X 10.5.

Dock (CVE-2008-2314): When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password.  This issue does not affect systems prior to Mac OS X 10.5.

Launch Services (CVE-2008-2311): A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the “Open ‘safe’ files” preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user’s system, resulting in arbitrary code execution. This issue does not affect systems running Mac OS X 10.5 or later.

Net-SNMP (CVE-2008-0960): An issue exists in Net-SNMP’s SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check.  Additional information is available from US-CERT.

Ruby: Multiple memory corruption issues exist in Ruby’s handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays. Also, if WEBrick is running, a remote attacker may be able to access files protected by WEBrick’s :NondisclosureName option.

[ SEE: Apple security team finds code execution holes in Ruby ]

SMB File Server (CVE-2008-1105): A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to a SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution.

System Configuration (CVE-2008-2313): A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user.  This issue does not affect systems running Mac OS X 10.5 or later.

Tomcat:  Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site.

VPN (CVE-2007-6276): A divide by zero issue exists in the virtual private network daemon’s handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution.

WebKit (CVE-2008-2307):  A memory corruption issue exists in WebKit’s handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.  Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2.
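The Launch Services item above describes a check-then-use race: a symbolic link is validated, and its target changes before the file is opened. The following is an added illustration of that bug class and the usual fix (validate the descriptor you opened, not the name); it is not Apple's code, and the function names, file names and scratch directory are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Re-point the symlink: stands in for the target changing mid-validation. */
static int retarget(const char *path, const char *target) {
    unlink(path);
    return symlink(target, path);
}

/* 1: file used differs from file validated; 0: same file; -1: setup failure. */
int used_differs_from_validated(int hardened) {
    char dir[] = "/tmp/toctou-demo-XXXXXX";  /* constructed scratch directory */
    char benign[80], other[80], lnk[80];
    struct stat checked, used;
    int fd = -1, result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(benign, sizeof benign, "%s/benign", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(lnk, sizeof lnk, "%s/download", dir);
    close(open(benign, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    if (symlink(benign, lnk) != 0) goto done;

    if (!hardened) {
        /* Check by name, then use by name: two separate path resolutions. */
        if (stat(lnk, &checked) != 0 || retarget(lnk, other) != 0) goto done;
        fd = open(lnk, O_RDONLY);
    } else {
        /* Resolve once, then validate and use that same descriptor. */
        fd = open(lnk, O_RDONLY);
        if (fd < 0 || fstat(fd, &checked) != 0 || retarget(lnk, other) != 0) goto done;
    }
    if (fd >= 0 && fstat(fd, &used) == 0)
        result = checked.st_ino != used.st_ino || checked.st_dev != used.st_dev;
done:
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(benign); unlink(other); rmdir(dir);
    return result;
}

int main(void) {
    printf("check-then-open mismatch: %d\n", used_differs_from_validated(0));
    printf("open-then-fstat mismatch: %d\n", used_differs_from_validated(1));
    return 0;
}
```

In the hardened branch the link is still re-pointed, but every later decision is made on the already-open descriptor, so the change has no effect on which file is validated or used.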

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


