On BNET: Online porn struggles for profits
BNET Business Network:
BNET
TechRepublic
ZDNet

November 9th, 2009

Mac OS X mega patch covers 58 security vulnerabilities

Posted by Ryan Naraine @ 2:17 pm

Categories: Adobe, Apple, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Open source, Passwords, Patch Watch

Tags: Security, Apple Macintosh, Apple Mac OS X V10.6 Snow Leopard, Update, Mac OS X Server, Server, Issue, Arbitrary Code Execution, Impact, Adaptive Firewall Description

Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.

The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, meaning that this update carries an “extremely critical rating.”

It includes patches for open-source components like Apache and PHP and security holes in the QuickTime media player.


Here’s a glimpse of some of the more serious issues covered in the Security Update 2009-006/Mac OS X v10.6.2 patch bundle:

  • AFP Client — Multiple memory corruption issues exist in AFP Client. Connecting to a malicious AFP Server may cause an unexpected system termination or arbitrary code execution with system privileges.
  • Apache — Apache is updated to version 2.2.13 to address several vulnerabilities, the most serious of which may lead to privilege escalation.  A separate patch corrects a flaw that allows an attacker to use the TRACE HTTP method in the Apache Web server to conduct cross-site scripting attacks through certain web client software.
  • Apache Portable Runtime — Multiple integer overflows in Apache Portable Runtime (apr) may lead to an unexpected application termination or arbitrary code execution.
  • ATS — Multiple buffer overflows exist in Apple Type Services’ handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CoreGraphics — Multiple integer overflows in CoreGraphics’ handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or
    arbitrary code execution.
  • CoreMedia — Memory corruption and heap buffer overflow issues exist in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution.
  • CUPS — An issue in CUPS may lead to cross-site scripting and HTTP response splitting. Accessing a maliciously crafted web page or URL may allow an attacker to access content available to the current local user via the CUPS web interface. This could include print system configuration and the titles of jobs that have been printed.
  • Dictionary –  A design issue in Dictionary allows maliciously crafted Javascript to write arbitrary data to arbitary locations on the user’s filesystem. This may allow another user on the local network to execute arbitrary code on the user’s system.
  • DirectoryService – A memory corruption issue exists in DirectoryService. This may allow a remote attacker to cause an unexpected application termination or arbitrary code execution. This update only affects
    systems configured as DirectoryService servers.
  • Disk Images — A heap buffer overflow exists in the handling of disk images containing FAT filesystems. Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution.
  • Dovecot — Multiple buffer overflows exist in dovecot-sieve. By implementing a maliciously crafted dovecot-sieve script, a local user may cause an unexpected application termination or arbitrary code
    execution with system privileges.
  • ImageIO –  A buffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
  • Kernel – Multiple input validation issues exist in Kernel’s handling of task state segments. These may allow a local user to cause information disclosure, an unexpected system shutdown, or arbitrary code execution.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 135 Talkback(s)
RE: Mac OS X mega patch covers 58 security vulnerabilities
Both of them send for the CDs. (Read the rest)
Posted by: geoffmartin Posted on: 12/04/09 You are currently: a Guest | | Terms of Use
Yikes, that sounds bad  NonZealot | 11/09/09
Heh  jeremychappell | 11/09/09
Dat sounds SWEET.  AdventTech67 | 11/09/09
Alternate OS  WarhavenSC | 11/10/09
Err...  jeremychappell | 11/10/09
Poor examples...  edwards.wb | 11/10/09
Good grief  frabjous | 11/10/09
Rumour has it...  914four | 11/15/09
re: Yikes, that sounds bad  Gis Bun | 11/10/09
Good one, NZ  Tigertank | 11/10/09
First Post...  An Apple a Day | 11/10/09
473MB?!?!?!  ye | 11/09/09
The Dial-Up Question  DannyO_0x98 | 11/09/09
Er.... "Idles nicely...?"  Wolfie2K3 | 11/10/09
The actual size of the patch..  msalzberg | 11/09/09
157.7MB here as well  oncall | 11/09/09
The larger file...  msalzberg | 11/09/09
No, the actual size is 479MB  ye | 11/10/09
On the ignoring facts thing, you're a past master of it  zkiwi | 11/10/09
What a lame response.  ye | 11/10/09
Lame? That's you...  zkiwi | 11/10/09
The size of the combo patch...  msalzberg | 11/10/09
Thank you for finally admintting it's 479MB.  ye | 11/10/09
So will you admit...  msalzberg | 11/10/09
LOL! You would have a point if I ever denied...  ye | 11/10/09
@ye, always picking a foolish fight.  msalzberg | 11/10/09
What a discussion  oncall | 11/10/09
@msalzberg: There is no such thing as a lie by omission.  ye | 11/10/09
@ye, except that people can lie by omission...  zkiwi | 11/11/09
@zkiwi: No, they cannot.  ye | 11/11/09
@ye, People can and do lie by omission...  zkiwi | 11/11/09
Lying by omission is easy, I can do it too!  AzuMao | 11/15/09
What's dial up?? (NT)  Runningwithscissors | 11/10/09
Sound effect?  Raid6 | 11/10/09
they don't  techy_farmer | 11/10/09
re: 473MB?!?!?!  Gis Bun | 11/10/09
Yet it is smaller than....  Rick_K | 11/11/09
Sucks to be ye.  AzuMao | 11/10/09
What sad is this Service Pack is smaller than this update.  ye | 11/10/09
Isn't the 473 only if you count all the other updates for this version of  AzuMao | 11/10/09
Patch information  MACPCWTEVR | 11/11/09
The same way they get Windows XP SP2 n/t  grail@... | 11/10/09
Really?!  MACPCWTEVR | 11/11/09
There is a potential positive spin on this  honeymonster | 11/09/09
I don't think so...  jeremychappell | 11/09/09
The answer to this question is: Yes.  Captiosus | 11/10/09
The stream of patches seems quite constant  Earthling2 | 11/10/09
A Reasonable Question  Zonny | 11/10/09
A question that people have been asking for years  Tigertank | 11/10/09
Same question I've been asking  Wintel BSOD | 11/10/09
Not for a while yet  MACPCWTEVR | 11/11/09
It's a matter of releasing a product at all  grail@... | 11/10/09
I am NOT taking sides here, but  Economister | 11/09/09
Could we have an apology?  tonymcs@... | 11/09/09
Apple already caught lying in England  NonZealot | 11/09/09
The UK High Court got them with the G5  timisaac@... | 11/10/09
Not entirely faked  grail@... | 11/10/09
An older precident...  shis-ka-bob | 11/10/09
Err...  jeremychappell | 11/09/09
Um wrong  Johnny Vegas | 11/10/09
So 999 of all malware...  arminw | 11/10/09
Conficker...  Ceridan | 11/10/09
So imagine how much worse..  AzuMao | 11/11/09
Incorrect  grail@... | 11/10/09
Um wrong  Wintel BSOD | 11/10/09
And while you're at it...  zkiwi | 11/10/09
Apology for what?  Wintel BSOD | 11/10/09
Heads up! Thanks Ryan.  AdventTech67 | 11/09/09
Software QA really needs to improve  frgough | 11/09/09
Yes, but  Fred Fredrickson | 11/09/09
I guess that's one of the costs of freeloading  wolf_z | 11/10/09
Right, because we all know IIS is so much more secure.  AzuMao | 11/11/09
Hmmmmmmmmm, so if it is 3rd party they are off the hook?  Raid6 | 11/10/09
Yeah, but with 9% vs. 90%....  Wintel BSOD | 11/10/09
Huh?  Raid6 | 11/11/09
Apple "evil" vs. M$ "evil"  Wintel BSOD | 11/12/09
Is your mind so open...  Raid6 | 11/12/09
Not to everyone.  AzuMao | 11/12/09
And many are blind  Raid6 | 11/13/09
Ya  AzuMao | 11/13/09
It just goes to show...  tbensen@... | 11/10/09
Get a clue  rag@... | 11/10/09
Maybe because...  Qbt | 11/10/09
Not exactly.  Lunatic59 | 11/10/09
Actually no they are far MORE vulnerable.  Johnny Vegas | 11/10/09
Mac vs Windows  trm1945 | 11/10/09
Agreed  jacarter3 | 11/10/09
In my opinion  lehnerus2000 | 11/10/09
True Dat  MACPCWTEVR | 11/11/09
157 megabytes times 2 computers, Comcast hates me  HollywoodDog | 11/10/09
The cumulative update for  jacarter3 | 11/10/09
I suggest finding a better ISP  techy_farmer | 11/10/09
Not in the States  WarhavenSC | 11/10/09
And this supposed patch removed Atom & GMA950 support...  CyberGuerilla | 11/10/09
Of course  MACPCWTEVR | 11/11/09
Has username Ye has been hijacked by a troll??  zdnet-gregc | 11/10/09
More on this patch  K4thwright | 11/10/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  joe6pack_z | 11/10/09
Vector Linux  Wintel BSOD | 11/10/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Techref6060 | 11/10/09
RE:RE: Mac OS X mega patch covers 58 security vulnerabilities  joe6pack_z | 11/10/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  phatkat | 11/10/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Carlost1900 | 11/10/09
When are they going to learn?  Rodo1 | 11/10/09
RE:When are they going to learn?  joe6pack_z | 11/10/09
RE: When are they going to learn?  Rodo1 | 11/10/09
OK  gnesterenko | 11/11/09
tl;dr where is yum  scott1329 | 11/10/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Warlock104 | 11/10/09
I'd be more worried if they weren't patching...  BillDem | 11/10/09
How will I sleep at night???  smtp4me@... | 11/10/09
Stop the blame game  brokenspokes | 11/10/09
Yea the problem is that...  Qbt | 11/10/09
Caveat emptor  gnesterenko | 11/11/09
I understand  brokenspokes | 11/11/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  j4jones | 11/11/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Turismo | 11/11/09
Apples days are over  Crestview | 11/11/09
Ya  AzuMao | 11/11/09
Why would you feel bad for them?  zkiwi | 11/11/09
ZOMG  gnesterenko | 11/11/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Another Canadian | 11/11/09
Dear Another Canadian,  nix_hed | 11/11/09
What he meant is  AzuMao | 11/12/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  Disgruntled M$ User | 11/12/09
Look What The Dog Done Dragged In.  Synate.Deszeld | 11/12/09
The difference being.......  Ole Man | 11/12/09
Ole Man Is Clueless...  smtp4me@... | 11/12/09
Following that logic..  AzuMao | 11/14/09
Have you ever...  smtp4me@... | 11/14/09
Actually, it was an analogy.  AzuMao | 11/14/09
Stay with me here...  smtp4me@... | 11/15/09
I was replying to the following statement you made;  AzuMao | 11/15/09
Crash different  Raid6 | 11/13/09
RE: Mac OS X mega patch covers 58 security vulnerabilities  geoffmartin | 12/04/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here