Severity: Medium
1 August, 2007
Summary:
Last night, Apple released a security update to fix 45 security issues in 16 software packages that ship as part of OS X, including Kerberos, gnuzip, and iChat. An attacker exploiting the worst of these security issues could execute code on your Mac, possibly gaining full control of your computer. If you manage OS X 10.3.9 or 10.4.10 computers, you should download, test, and install the appropriate Apple security update as soon as possible.
Exposure:
Depending on whether you refer to the list in Apple’s security update or the Common Vulnerabilities and Exposures (CVE) references, the latest OS X update corrects anywhere from 25 to 45 vulnerabilities affecting 16 software packages that ship as part of OS X 10.3.9 and 10.4.10. Some of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so you should apply Apple’s update as soon as you can. Three of the fixed vulnerabilities include:
Severity: Medium
1 August, 2007
Summary:
Last night, Apple released a security update to fix 45 security issues in 16 software packages that ship as part of OS X, including Kerberos, gnuzip, and iChat. An attacker exploiting the worst of these security issues could execute code on your Mac, possibly gaining full control of your computer. If you manage OS X 10.3.9 or 10.4.10 computers, you should download, test, and install the appropriate Apple security update as soon as possible.
Exposure:
Depending on whether you refer to the list in Apple’s security update or the Common Vulnerabilities and Exposures (CVE) references, the latest OS X update corrects anywhere from 25 to 45 vulnerabilities affecting 16 software packages that ship as part of OS X 10.3.9 and 10.4.10. Some of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so you should apply Apple’s update as soon as you can. Three of the fixed vulnerabilities include:
- Three remote code execution vulnerabilities in CoreAudio. CoreAudio is a component used to integrate a range of audio functions into OS X. The CoreAudio component suffers from three vulnerabilities involving its Java interface. While these three vulnerabilities differ technically, they share the same impact. By enticing one of your users to a malicious web site, an attacker can exploit one of these flaws to execute code on that user’s computer, inheriting that user’s privileges. The attacker might then exploit other local vulnerabilities to gain complete control of the victim’s Mac.
- Heap Buffer Overflow in Webkit. Webkit is the web browser engine that OS X’s web browser, Safari, uses. Webkit suffers from a heap buffer overflow vulnerability. By enticing one of your users to a malicious web site, an attacker can exploit this buffer overflow to execute code on that user’s computer, with that user’s privileges.
- Integer Underflow vulnerability in PDFkit. PDFkit is a framework for managing and displaying PDF documents in OS X. PDFkit suffers from an integer underflow vulnerability. (An integer underflow is, in essence, another type of memory error that can cause conditions similar to those exploited in buffer overflow attacks.) By tricking out of your users into downloading and opening a malicious PDF document, an attacker can exploit this flaw to execute code on that user’s computer, inheriting that user’s privileges.
Apple’s alert includes many more code execution flaws like those described above. The remaining vulnerabilities also include Denial of Service vulnerabilities, Cross-Site Scripting (XSS) flaws, information disclosure flaws, and more. Other components that this security update patches include:
| bzip2 | iChat |
| CFNetwork | mDNSResponder |
| cscope | gnuzip |
| Kerberos | PHP |
| Quartz Composer | Samba |
| SquirrelMail | Tomcat |
| Webcore |
Refer to Apple’s alert for more details.
Solution Path:
Apple has released updates to fix these vulnerabilities for both OS X 10.3.9 and 10.4.10. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
- Security Update 2007-007 (10.3.9 Client)
- Security Update 2007-007 (10.3.9 Server)
- Security Update 2007-007 (10.4.10 PPC)
- Security Update 2007-007 (10.4.10 Server PPC)
- Security Update 2007-007 (10.4.10 Universal)
- Security Update 2007-007 (10.4.10 Server Universal)
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.
For All Users:
These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.
Status:
Apple released updates to fix these issues.