Hefty security fix for Apple Mac OS X, Safari

Article

Hefty security fix for Apple Mac OS X, Safari

Bill Brenner, Senior News Writer

Apple Inc. released a massive security update Wednesday, fixing flaws attackers could exploit in Mac OS X and Safari to infect machines with malware and cause system crashes.

Apple Security Update 2007-008 addresses some 41 vulnerabilities, including the following:

  • An input validation issue in Adobe Flash Player attackers could exploit to launch malicious code by tricking the user into opening maliciously crafted Flash content. Apple has updated Adobe Flash Player to version 9.0.47.0 to fix the problem.

  • A null pointer dereference issue in AppleRAID that may be triggered when mounting a striped disk image. Attackers could exploit this to cause an unexpected system shutdown. Apple noted that Safari will automatically mount disk images when "Open `safe' files after downloading" is enabled. This update addresses the issue by performing additional validation of disk images.

  • ISC BIND 9 through 9.5.0a5 uses a weak random number generator during the creation of DNS query IDs when answering resolver questions or sending NOTIFY messages to slave name servers. This makes it easier for remote attackers to guess the next query ID and perform DNS cache poisoning. This update addresses the issue by improving the random number generator.

  • An implementation issue exists in the File Transfer Protocol (FTP) portion of CFNetwork. By sending maliciously crafted replies to FTP

      • Requires Free Membership to View

      Login

      SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

      Michael S. Mimoso, Editorial Director

      By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

    • PASV (passive) commands, FTP servers are able to cause clients to connect to other hosts. This update addresses the issue by performing additional validation of IP addresses.

    • An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then redirect the user to a spoofed Web site rigged with malware. Attackers could exploit this to collect user credentials and other information. This update addresses the issue through improved validation of certificates.

    • A null pointer dereference issue exists in the CFNetwork framework. By tricking a user into using a vulnerable application to connect to a malicious server, an attacker could crash the application. This update addresses the issue by performing additional validation of HTTP replies.

    • A one-byte buffer overflow may occur in CoreFoundation when listing the contents of a directory. By enticing a user to read a maliciously crafted directory hierarchy, an attacker could crash an application or launch malicious code. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.

    • An uninitialized object pointer vulnerability exists in the handling of text content. By tricking a user into viewing maliciously crafted text content, an attacker could crash an application or launch malicious code. This update addresses the issue by performing additional validation of object pointers.

    • Attackers could exploit format string and tabbed browsing implementation errors in Safari by tricking a user into opening a download file with a maliciously crafted name. By doing this, the attacker could crash the application or launch malicious code. This update addresses the issue through improved handling of format strings and improved handling of authentication sheets.


    Back to top