October 9th, 2008

Mac OS X Patch Day: 40 security flaws fixed

Posted by Ryan Naraine @ 3:18 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Passwords, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research

Tags: Apple Macintosh, Vulnerability, Arbitrary Code Execution, Application Termination, Apple Mac OS X, Security, Operating Systems, Software, Apple Mac OS, Ryan Naraine

Apple has shipped another whopper of a patch to cover a total of 40 documented vulnerabilities affecting the Mac OS X ecosystem.

The Security Update 2008-007, available for Tiger and Leopard, covers a range of third-party components and Mac OS X flaws that could users at risk of remote code executions attacks.

The more serious vulnerabilities include:

• Apache: CVE-2007-6420, CVE-2008-1678, CVE-2008-2364) Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross site request forgery.  Note: Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default.
• ClamAV:  (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914) Multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution.
• ColorSync CVE-2008-3642) A buffer overflow exists in the handling of images  with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.
• CUPS (CVE-2008-3641) A range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the ‘lp’ user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.
• libxslt (CVE-2008-1767)  A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.
• MySQL Server (CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079) MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.
• PHP (CVE-2007-4850, CVE-2008-0674, CVE-2008-2371) PHP is updated to  version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
• PSNormalizer (CVE-2008-3647) A buffer overflow exists in PSNormalizer’s handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution.
• QuickLook (CVE-2008-4211) A signedness issue exists in QuickLook’s handling of
  columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.