Apple patches multiple Mac OS X flaws

Attackers could exploit several holes in Mac OS X to run malicious code on targeted machines, trigger denials of service or escalate privileges. Apple has released patches.

Apple Inc. has fixed multiple security flaws in Mac OS X that attackers could exploit to run malicious code on targeted machines, trigger a denial of service or boost their user privileges.

The Cupertino, Calif.-based vendor has detailed the flaws in Apple security update 2007-005. They include:

  • An implementation error in the Alias Manager keeps the operating system from showing identically named files contained in identically named mounted disk images. Attackers could exploit the issue to trick users into opening malicious programs.

  • An integer-overflow error in CoreGraphics occurs when malformed .pdf files are handled. An attacker could exploit the flaw to run malicious code on a targeted system by tricking a user into opening a malicious .pdf file.

  • An error in crontabs occurs when the daily clean-up script is launched. Attackers could exploit this to cause file systems mounted in the "/tmp" directory to be deleted.

  • A buffer-overflow error exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code that iChat uses to create port mappings on home NAT gateways. Attackers could exploit it to run malicious code by sending a specially crafted packet.

  • Local attackers could exploit an implementation error in the PPP daemon when loading plugins via the command line to obtain system privileges.

  • Attackers could exploit an error in the screen program to cause a denial of service.
