Critical Macintosh Security Patches
Apple patched some interesting vulnerabilities that could be exploited by convincing users to view malicious web pages or email. And one local privilege escalation bug was fixed.
Mac OS X 10.5.2 and Security Update 2008-001
Definitely used on campus
Remote Code Execution
Exploit Code Available:
- Mac OS X versions 10.4.x
- Mac OS X Server versions 10.4.x
- Mac OS X versions 10.5.x
Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system.
The first issue is caused by a memory corruption error in Safari when handling malformed URLs, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
The second weakness is caused by a design error in Launch Services, which could allow an uninstalled application to be launched if it is present in a Time Machine backup.
The third vulnerability is caused by an implementation issue in Mail's handling of "file://" URLs, which could allow arbitrary applications to be launched without warning when a user clicks a URL in a message.
The fourth issue is caused by a memory corruption error in NFS's handling of mbuf chains, which could be exploited by attackers to crash or compromise an affected system.
The fifth weakness is caused by an error in Parental Controls that inadvertently contact www.apple.com when a website is unblocked, which could allow a remote user to detect the machines running Parental Controls.
The sixth issue is caused by an error in Samba. For additional information, see : FrSIRT/ADV-2007-4153
The seventh vulnerability is caused by an input validation error in the processing of URL schemes handled by Terminal.app, which could be exploited by a malicious web site to cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution.
The eighth issue is caused by errors in X11. For additional information, see : FrSIRT/ADV-2007-3337
The ninth vulnerability is caused by an error in the X11 server that does not correctly read its "Allow connections from network client" preference, which can cause the X11 server to allow connections from network clients, even when the preference is turned off.
The tenth issue is caused by a stack buffer overflow exists in the Service Location Protocol (SLP) daemon, which may allow a local user to execute arbitrary code with system privileges.
The eleventh issue is caused by a race condition in Open Directory's Active Directory plug-in may terminate the operation of winbindd, causing NTLM authentications to fail (denial of service).
Suggested Mitigation Steps:
- From the Help menu choose "Check for Updates...".
- Follow the on-screen instructions to install any available updates.