|
|
|
|
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA30430
|
|
|
Release Date:
|
2008-05-29
|
|
Last Update:
|
2008-05-30
|
|
Popularity:
|
6,385 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2005-3352
CVE-2005-3357
CVE-2007-0071
CVE-2007-1863
CVE-2007-3847
CVE-2007-4465
CVE-2007-5000
CVE-2007-5266
CVE-2007-5268
CVE-2007-5269
CVE-2007-5275
CVE-2007-6019
CVE-2007-6243
CVE-2007-6388
CVE-2007-6612
CVE-2007-6637
CVE-2008-1027
CVE-2008-1028
CVE-2008-1030
CVE-2008-1031
CVE-2008-1032
CVE-2008-1033
CVE-2008-1034
CVE-2008-1036
CVE-2008-1571
CVE-2008-1572
CVE-2008-1573
CVE-2008-1574
CVE-2008-1575
CVE-2008-1576
CVE-2008-1577
CVE-2008-1578
CVE-2008-1579
CVE-2008-1580
CVE-2008-1654
CVE-2008-1655
|
|
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).
For more information:
SA18008
SA18307
SA26273
SA26636
SA28081
The vulnerabilities affect Mac OS X Server v10.4.x.
3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument.
8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information.
14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks.
15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed.
Solution:
Update to Mac OS X 10.5.3 or apply Security Update 2008-003.
Security Update 2008-003 (PPC):
http://www.apple.com/support/downloads/securityupdate2008003ppc.html
Security Update 2008-003 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008003serverppc.html
Security Update 2008-003 Server (Universal):
http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html
Security Update 2008-003 (Intel):
http://www.apple.com/support/downloads/securityupdate2008003intel.html
Mac OS X 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosx1053comboupdate.html
Mac OS X 10.5.3 Update:
http://www.apple.com/support/downloads/macosx1053update.html
Mac OS X Server 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosxserver1053comboupdate.html
Mac OS X Server 10.5.3 Update:
http://www.apple.com/support/downloads/macosxserver1053update.html
Provided and/or discovered by:
The vendor credits:
1) Alex deVries and Robert Rich
3) Rosyna of Unsanity
5) Melissa O'Neill, Harvey Mudd College
9) Brian Mastenbrook
12) Paul Haddad, PTH Consulting
16) Gynvael Coldwind, Hispasec
19) Derek Morr, Pennsylvania State University
21) Geoff Franks, Hauptman Woodward Institute
22) Don Rainwater, University of Cincinnati
Changelog:
2008-05-29: Added links to Mac OS X 10.5.3 in "Solution" section.
2008-05-30: Added link to US-CERT.
Original Advisory:
http://support.apple.com/kb/HT1897
Other References:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
US-CERT VU#566875:
http://www.kb.cert.org/vuls/id/566875
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Oct, 2008
|
New advisories:
|
15 |
|
New vulnerabilities:
|
83 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
