Apple plugs 21 Mac OS X security holes

Apple plugs 21 holes in Mac OS XApple has released a peck of patches to cover at least 21 documented security vulnerabilities affecting Mac OS X users.

With its eighth security update for 2008, the company shipped fixes for flaws that could lead to remote code execution and denial-of-service attacks . The patch batch also covers a range of serious vulnerabilities in the Adobe Flash Player plug-in.

Here’s the raw skinny on Security Update 2008-008/Mac OS X v10.5.6:

  • CVE-2008-4236: An infinite loop may occur in the Apple Type Services server’s handling of embedded fonts in PDF files. Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5.
  • CVE-2008-4217: A signedness issue exists in BOM’s handling of CPIO headers which may result in a stack buffer overflow. Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination. This update addresses the issue by performing additional validation of CPIO headers.
  • CVE-2008-3623: A heap buffer overflow exists in the handling of color spaces within CoreGraphics. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • CVE-2008-317: Safari allows web sites to set cookies for country-specific top-level domains, which may allow a remote attacker to perform a session fixation attack and hijack a user’s credentials. This update addresses the issue by performing additional validation of domain names.
  • CVE-2008-4234: Mac OS X provides the Download Validation capability to indicate potentially unsafe files. Applications such as Safari and others use Download Validation to help warn users prior to launching files marked as potentially unsafe. This update adds to the list of potentially unsafe types. It adds the content type for files that have executable permissions and no specific application association. These files are potentially unsafe as they will launch in Terminal and their content will be executed as commands. While these files are not automatically launched, if manually opened they could lead to the execution of arbitrary code. This issue does not affect systems prior to Mac OS X v10.5.
  • CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 9.0.151.0. Further information is available via the Adobe web site.
  • CVE-2008-4218: Integer overflow issues exist within the i386_set_ldt and i386_get_ldt system calls, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect PowerPC systems.
  • CVE-2008-4219: An infinite loop may occur when a program located on an NFS share receives an exception. This may lead to an unexpected system shutdown. This update addresses the issue through improved handling of exceptions.
  • CVE-2008-4220: An integer overflow exists in Libsystem’s inet_net_pton API, which may lead to arbitrary code execution or the unexpected termination of the application using the API. This update addresses the issue through improved bounds checking. This API is not normally called with untrusted data, and no exploitable cases of this issue are known. This update is provided to help mitigate potential attacks against any application using this API.
  • CVE-2008-4221: A memory corruption issue exists in Libsystem’s strptime API. Parsing a maliciously crafted date string may lead to arbitrary code execution or unexpected application termination. This update addresses the issue through improved memory allocation.
  • CVE-2008-1391: Multiple integer overflows exist in Libsystem’s strfmon implementation. An application calling strfmon with large values of certain integer fields in the format string argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issues through improved bounds checking.
  • CVE-2008-4237: The method by which the software on a managed client system installs per-host configuration information does not always correctly identify the system. On a misidentified system, per-host settings are not applied, including the screen saver lock. This update addresses the issue by having Managed Client use the correct system identification. This issue does not affect systems with built-in Ethernet.
  • CVE-2008-4222: An infinite loop may occur in the handling of TCP packets in natd. By sending a maliciously crafted TCP packet, a remote attacker may be able to cause a denial of service if Internet Sharing is enabled. This update addresses the issue by performing additional validation of TCP packets.
  • CVE-2008-4223: An authentication bypass issue exists in the Podcast Producer server, which may allow an unauthorized user to access administrative functions in the server. This update addresses the issue through improved handling of access restrictions. Podcast Producer was introduced in Mac OS X Server v10.5.
  • CVE-2008-4224: An input validation issue exists in the handling of malformed UDF volumes. Opening a maliciously crafted ISO file may lead to an unexpected system shutdown. This update addresses the issue through improved input validation.
[Source: zdnet]

0 comments