Apple fixes multiple Mac OS X flaws

Bill Brenner

Apple has fixed nine different security holes in Mac OS X that attackers could exploit to gain root privileges, cause a denial of service, launch malicious code and more.

Reston, Va.-based security firm iDefense notified Apple of one of the problems, found in the operating system's Core Foundation Library. In an advisory the firm said: "Local exploitation of a buffer overflow vulnerability within the Core Foundation Library included by default in Apple Computer Inc.'s Mac OS X could allow an attacker to gain root privileges."

The flaw is caused by improper handling of the CF_CHARSET_PATH environment variable, iDefense said. "When a string greater than 1,024 characters is passed via this variable, a stack-based overflow occurs, allowing the attacker to control program flow by overwriting the function's return address on the stack."

The firm said any application linked against the Core Foundation Library can be used as an attack vector. The company added that it notified Apple of the problem Feb. 4 and got a response the same day.
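The class of bug iDefense describes, an environment string copied into a fixed stack buffer without a length check, is shown below next to a bounded version. This is an added illustration, not Apple's or iDefense's code: the function names and the 1,024-byte buffer size are assumptions drawn from the threshold quoted in the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024   /* assumed buffer size, from the advisory's threshold */

/* Unsafe pattern (hypothetical): the environment value is caller-controlled,
 * and strcpy writes past path[] once the value reaches PATH_BUF characters. */
int load_charset_unsafe(const char *value) {
    char path[PATH_BUF];
    strcpy(path, value);
    return (int)strlen(path);
}

/* Hardened form: refuse unset, empty or oversized values before copying.
 * Returns 0 on success, -1 when the value must be ignored. */
int load_charset_safe(const char *value, char *out, size_t out_len) {
    if (value == NULL || out == NULL || out_len == 0)
        return -1;
    const char *end = memchr(value, '\0', out_len); /* scan at most out_len bytes */
    if (end == NULL || end == value)                /* no room for NUL, or empty */
        return -1;
    size_t n = (size_t)(end - value);
    memcpy(out, value, n);
    out[n] = '\0';
    return 0;
}

/* Feeds the hardened loader a constructed value of len 'A' characters. */
int accepts_length(size_t len) {
    char path[PATH_BUF];
    char *value = malloc(len + 1);
    if (value == NULL) return -2;
    memset(value, 'A', len);
    value[len] = '\0';
    int rc = load_charset_safe(value, path, sizeof path);
    free(value);
    return rc;
}

int main(void) {
    char path[PATH_BUF];
    if (load_charset_safe(getenv("CF_CHARSET_PATH"), path, sizeof path) != 0)
        fprintf(stderr, "CF_CHARSET_PATH unset or too long; using default\n");
    printf("1023: %d, 1024: %d\n", accepts_length(1023), accepts_length(1024));
    return 0;
}
```

Because the variable is read by any program linked against the library, the check belongs in the library routine that consumes it rather than in each calling application.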

Apple issued an advisory outlining that and eight other flaws that have been addressed.

Specifically, attackers could:

  • Use a specially crafted packet with an incorrect memory reference to cause a denial of service against the AFP Server.
  • Exploit an access control error in the AFP Server to view the contents of a drop box.
  • Exploit a glitch in Bluetooth Setup Assistant to bypass security restrictions.
  • Exploit multiple vulnerabilities in the Cyrus IMAP Server to compromise a vulnerable machine.
  • Exploit vulnerabilities in Cyrus SASL to crash or potentially compromise applications linked against the library.
  • Gain escalated privileges by exploiting insecure permissions on various directories.
  • Exploit a vulnerability in Mailman to disclose sensitive information.
  • Exploit a glitch in Safari through a malicious Web site to spoof the URL displayed in the address bar, SSL certificate and status bar.

Apple said fixes to these problems can be downloaded and installed using the Software Update and Apple Downloads sections on its Web site.

Apple also this week fixed a flaw in its popular iTunes Music Store that allowed others to circumvent its digital rights management tools and download unprotected music files. A trio of programmers led by Norwegian Jon Lech Johansen cracked the FairPlay DRM technology using their Windows-based PyMusique to download copyright-protected MP3 files. Johansen is best known for creating a DVD-descrambling program to play copyrighted movies on unauthorized machines. Apple's FairPlay restricts where iTunes downloads can be played. News reports say that, in addition to Apple sealing up the hole, iTunes customers must upgrade to v4.7 to download music.
