Severity: High
15 February, 2007
Summary:
Today, Apple released a security update fixing four security issues in software packages that ship as part of OS X, including Finder, iChat, and UserNotificationCenter. An attacker exploiting the worst of these security issues could execute code on your Mac, possibly gaining full control of your computer. If you manage OS X 10.3.9 or 10.4.8 machines, you should download, test, and install the appropriate Apple security update as soon as possible.
Exposure:
Apple’s latest security update corrects four vulnerabilities affecting software packages that ship with OS X 10.3.9 and 10.4.8. Two of the vulnerabilities allow attackers to execute arbitrary code on your OS X machines. The vulnerabilities include:
- Buffer Overflow Vulnerability in Finder. Finder is the application that helps you organize, display, and search for files and folders in OS X. Unfortunately, Finder suffers from a buffer overflow vulnerability involving the way it handles specially malformed disk images (.DMG). By enticing one of your users into downloading and mounting a malicious disk image, an attacker could exploit this flaw to either crash Finder, or to execute code on that user’s computer with that user’s privileges. Kevin Finisterre and his research partners disclosed this vulnerability early last month during their Month of Apple Bugs (MoAB) event. They also released public Proof-of-Concept (PoC) code that could allow an attacker to easily exploit this issue. With this exploit code available for the pillaging, we recommend you patch quickly.
- Multiple iChat vulnerabilities. iChat is OS X’s instant messaging client. It allows you to chat in real time with your friends. According to Apple’s alert, iChat suffers from two security vulnerabilities, one trivial and one very serious. iChat’s less severe vulnerability concerns a flaw in its Bonjour message handling features that could result in a Denial of Service. By sending a specially crafted message, an attacker on your local network could exploit this flaw to crash iChat. However, having local attackers crash your chat client seems more a nuisance than a serious threat.
On the other hand, the second iChat vulnerability poses a much larger risk. The code iChat uses to process AOL Instant Messaging (AIM) URLs suffers from a format string vulnerability. By enticing one of your users into visiting a malicious Web page, an attacker can exploit this flaw to execute code on that user’s OS X machine, potentially gaining complete control of it. The MoAB team has released a PoC exploit for these flaws as well.
- UserNotificationCenter Elevation of Privilege Flaw. UserNotificationCenter is an OS X process that presents you with special notification dialogs during certain types of system events. Unfortunately, this process suffers from an elevation of privilege flaw. By running a specially crafted application, a local attacker can exploit this flaw to gain administrative privileges on your OS X machines. However, the attacker must already have access to your OS X machine in order to carry out his attack. That said, this vulnerability would combine well with either of the code execution flaws described above to give an attacker complete control of your OS X computers.
The MoAB team has released PoC exploits for all of these flaws. A motivated attacker could easily modify these PoC exploits and combine them in an attack that could yield the attacker full control of your OS X machines. You should definitely patch your OS X machines as soon as you can.
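For developers who want to see the bug class behind the iChat URL flaw described above, the following added example (not Apple's or iChat's code, and not part of the original alert) shows why URL text must never be used as a printf-style format string, and what the safe call looks like. The function names and the sample URL are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst. Returns 0 on success, -1 on a malformed
 * escape, an embedded NUL, or if dst is too small. */
int url_decode(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)src[i + 1]) ||
                !isxdigit((unsigned char)src[i + 2]))
                return -1;
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c == '\0' || o + 1 >= dstlen) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Count printf-style directives ('%' not followed by '%') that the text
 * would carry if it were ever misused as a format string. */
int count_directives(const char *s) {
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }
        n++;
    }
    return n;
}

/* Hardened call: the format is a constant and the untrusted text is only
 * an argument. The vulnerable form would be snprintf(out, outlen, text). */
int render_status(char *out, size_t outlen, const char *text) {
    return snprintf(out, outlen, "Opening chat: %s", text);
}

int main(void) {
    const char *url = "aim:example?name=bob%25x%25x"; /* constructed sample */
    char decoded[128], status[160];
    if (url_decode(url, decoded, sizeof decoded) != 0) return 1;
    render_status(status, sizeof status, decoded);
    printf("%s (directives in input: %d)\n", status, count_directives(decoded));
    return 0;
}
```

Note that the directives only appear after percent-decoding, so filtering the raw URL for `%x`-style sequences is not a substitute for keeping the format string constant.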
Solution Path:
Apple has released updates to fix these vulnerabilities for both OS X 10.3.9 and 10.4.8. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
- Security Update 2007-02 for Panther
- Security Update 2007-02 for PPC
- Security Update 2007-02 Universal
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.
For All Users:
These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.
Status:
Apple released updates to fix these issues.