May 14th, 2009

Apple eliminates CanSecWest Pwn2Own flaws

Posted by Ryan Naraine @ 2:25 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Microsoft, Mozilla, Patch Watch, Pen testing, Responsible disclosure, Reverse Engineering

Here’s a little ditty that was almost lost in the sheer volume of this week’s Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year’s CanSecWest Pwn2Own hacking contest.

The two flaws were used by Charlie Miller and a German researcher known only as “Nils” to launch successful drive-by download attacks against Apple’s Safari browser.

[ SEE: Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari ]

However, according to Apple’s release notes, the bug exploited by Miller actually affected ATS (Apple Type Services).

  • ATS (CVE-2009-0154): A heap buffer overflow exists in Apple Type Services’ handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking.

The vulnerability used during Nils’ exploit affected WebKit:

  • WebKit (CVE-2009-0945): A memory corruption issue exists in WebKit’s handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking.
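Both release notes describe the same fix class, "improved bounds checking": a length, offset or element index taken from untrusted input (a CFF font's offset table, an SVG list index) is validated against what is actually present before it is used to compute a pointer. The following is an added illustration of that pattern, not Apple's ATS or WebKit code. It parses a hypothetical, simplified CFF-style INDEX structure (count, offSize, a 1-based offset array, then data); the structure layout, the `idx_*` names and the sample byte strings are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified CFF-style INDEX (not Apple's ATS parser):
 *   count    2 bytes, big-endian
 *   offSize  1 byte, valid values 1..4
 *   offsets  (count + 1) entries of offSize bytes, big-endian, 1-based
 *   data     offsets[count] - 1 bytes
 * Every length or offset read from the file is checked against the bytes
 * actually present before it is used to form a pointer. */

enum idx_status { IDX_OK = 0, IDX_TRUNCATED = 1, IDX_BAD_OFFSIZE = 2, IDX_BAD_OFFSET = 3 };

struct idx_view {
    uint16_t count;
    uint8_t off_size;
    const uint8_t *offsets;   /* offset array inside the caller's buffer */
    const uint8_t *data;      /* element data inside the caller's buffer */
    size_t data_len;          /* validated size of the data region */
};

static uint32_t read_be(const uint8_t *p, uint8_t n) {
    uint32_t v = 0;
    for (uint8_t i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Parse and validate; on success *out only references bytes inside buf[0..len). */
int idx_parse(const uint8_t *buf, size_t len, struct idx_view *out) {
    if (len < 2) return IDX_TRUNCATED;
    uint16_t count = (uint16_t)((buf[0] << 8) | buf[1]);
    out->count = count;
    if (count == 0) {                        /* an empty INDEX is just the count field */
        out->off_size = 0; out->offsets = NULL; out->data = NULL; out->data_len = 0;
        return IDX_OK;
    }
    if (len < 3) return IDX_TRUNCATED;
    uint8_t off_size = buf[2];
    if (off_size < 1 || off_size > 4) return IDX_BAD_OFFSIZE;
    size_t n_off = (size_t)count + 1;        /* size_t arithmetic: no 16-bit wraparound */
    size_t off_bytes = n_off * off_size;     /* at most 65536 * 4, cannot overflow */
    if (len - 3 < off_bytes) return IDX_TRUNCATED;
    const uint8_t *offsets = buf + 3;
    size_t avail = len - 3 - off_bytes;      /* bytes left for the data region */

    /* Offsets must start at 1 and never decrease, so every element length is >= 0. */
    uint32_t prev = read_be(offsets, off_size);
    if (prev != 1) return IDX_BAD_OFFSET;
    for (size_t i = 1; i < n_off; i++) {
        uint32_t cur = read_be(offsets + i * off_size, off_size);
        if (cur < prev) return IDX_BAD_OFFSET;
        prev = cur;
    }
    size_t data_len = (size_t)prev - 1;
    if (data_len > avail) return IDX_TRUNCATED;  /* last offset points past the input */

    out->off_size = off_size;
    out->offsets = offsets;
    out->data = offsets + off_bytes;
    out->data_len = data_len;
    return IDX_OK;
}

/* Element lookup: the index is checked against count before any offset is read,
 * the same kind of check a list object (cf. the SVGList note) needs on access. */
int idx_get(const struct idx_view *v, uint16_t i, const uint8_t **p, size_t *n) {
    if (i >= v->count) return IDX_BAD_OFFSET;
    uint32_t start = read_be(v->offsets + (size_t)i * v->off_size, v->off_size);
    uint32_t end = read_be(v->offsets + ((size_t)i + 1) * v->off_size, v->off_size);
    *p = v->data + (start - 1);
    *n = end - start;
    return IDX_OK;
}

/* Constructed sample inputs for this example (not real font data). */
static const uint8_t SAMPLE_OK[]          = { 0x00,0x02, 0x01, 0x01,0x04,0x06, 'a','b','c','d','e' };
static const uint8_t SAMPLE_OVERRUN[]     = { 0x00,0x02, 0x01, 0x01,0x04,0x09, 'a','b','c','d','e' };
static const uint8_t SAMPLE_BAD_OFFSIZE[] = { 0x00,0x02, 0x00, 0x01,0x04,0x06, 'a','b','c','d','e' };
static const uint8_t SAMPLE_TRUNCATED[]   = { 0x00,0x02, 0x01, 0x01 };

/* Parse status of a buffer as a plain int. */
int sample_status(const uint8_t *buf, size_t len) {
    struct idx_view v;
    return idx_parse(buf, len, &v);
}

/* Length of element i, or -1 if the INDEX or the element index is invalid. */
int sample_element_len(const uint8_t *buf, size_t len, uint16_t i) {
    struct idx_view v;
    const uint8_t *p = NULL;
    size_t n = 0;
    if (idx_parse(buf, len, &v) != IDX_OK) return -1;
    if (idx_get(&v, i, &p, &n) != IDX_OK) return -1;
    return (int)n;
}

int main(void) {
    printf("well-formed: status %d, element 0 = %d bytes, element 1 = %d bytes\n",
           sample_status(SAMPLE_OK, sizeof SAMPLE_OK),
           sample_element_len(SAMPLE_OK, sizeof SAMPLE_OK, 0),
           sample_element_len(SAMPLE_OK, sizeof SAMPLE_OK, 1));
    printf("offset past end: status %d\n", sample_status(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN));
    printf("offSize 0: status %d\n", sample_status(SAMPLE_BAD_OFFSIZE, sizeof SAMPLE_BAD_OFFSIZE));
    printf("truncated header: status %d\n", sample_status(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The point to take from it: the well-formed sample yields two elements of 3 and 2 bytes, while an offset table whose last entry points past the data, an out-of-range offSize, or a truncated header are all rejected before any pointer is formed, and an element index of 2 against a count of 2 is refused at lookup time. A parser that skipped any one of those comparisons would compute a pointer or length from file bytes it had never validated, which is the shape of the heap overflow and list memory-corruption bugs the release notes describe.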

Mozilla was the first to issue a fix for its Pwn2Own embarrassment. Microsoft has yet to fix the vulnerability that was exploited via Internet Explorer.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.
Talkback (most recent of 12):
@ honeymonster
It's not just OSS that Apple patched. Apple included an Adobe Flash Player fix in their patch and it got counted as an OSX vulnerability as well as a Flash Player vulnerability.
Posted by: ashdude, 05/16/09 (edited 05/16/09 12:11)