Apple patches 13 flaws in Mac OS X

By Bill Brenner, News Writer
30 Nov 2005 | SearchSecurity.com

Security Wire Daily News

Apple Computer Inc. released a bushel of patches for Mac OS X Tuesday, fixing 13 flaws attackers could exploit to bypass security restrictions, gain unauthorized system access, compromise sensitive data and launch malicious code.

Cupertino, Calif.-based AV giant Symantec Corp. sent customers of its DeepSight Threat Management System an e-mail bulletin Tuesday, warning that "multiple vulnerabilities may expose Mac OS X computers to local and remote system compromise, information disclosure, and various forms of unauthorized access."

Apple summarized the 13 security holes as follows in an advisory:

Attackers could use the Apache 2 Web server to bypass protections using specially-crafted HTTP headers. "This behavior is only present when Apache is used in conjunction with certain proxy servers, caching servers, or Web application firewalls," Apple said. "This update addresses the issue by incorporating Apache version 2.0.55."

The Apache Web server's mod_ssl module may allow attackers unauthorized access to a resource that is configured to require SSL client authentication. "Only Apache configurations that include the 'SSLVerifyClient require' directive may be affected," Apple said. "This update addresses the issue by incorporating mod_ssl 2.8.24 and Apache version 2.0.55."

Using a carefully crafted URL, attackers can cause a heap buffer overflow in CoreFoundation, a framework for importing and exporting data types, "which may result in a crash or arbitrary code execution," Apple said. "CoreFoundation is used by Safari and other applications. This update addresses the issue by performing additional validation of URLs. This issue does not affect systems prior to Mac OS X 10.4."

Attackers "could use curl with NTLM authentication enabled to download an HTTP resource" to supply an overly long user or domain name, Apple said. NTLM is a network authentication scheme used by browsers and proxies. "This may cause a stack buffer overflow and lead to arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation when using NTLM authentication. This issue does not affect systems prior to Mac OS X 10.4."

The ODBC Administrator utility includes a helper tool called iodbcadmintool that executes with raised privileges. "This helper tool contains a vulnerability that may allow local users to execute arbitrary commands with raised privileges," Apple said. "This update addresses the issue by providing an updated iodbcadmintool that is not susceptible."

Applications that do not disable SSLv2 or that enable certain compatibility options when using OpenSSL may be vulnerable to a protocol downgrade attack. "Such attacks may cause an SSL connection to use the SSLv2 protocol which provides less protection than SSLv3 or TLS," Apple said.

When creating an Open Directory master server, credentials may be compromised. "This could lead to unprivileged local users gaining elevated privileges on the server," Apple said. "This update addresses the issue by ensuring the credentials are protected."

The JavaScript engine in Safari uses a version of the PCRE [Perl Compatible Regular Expressions] library that is vulnerable to a heap overflow. "This may lead to the execution of arbitrary code," Apple said. "This update addresses the issue by providing a new version of the JavaScript engine that incorporates more robust input validation."

When files are downloaded in Safari, they are normally placed in the location specified as the download directory. "However, if a Web site suggests an [overly long] file name for a download, it is possible for Safari to create this file in other locations," Apple said. "Although the file name and location of the downloaded file content cannot be directly specified by remote servers, this may still lead to downloading content into locations accessible to other users. This update addresses the issue by rejecting overlong file names."

In Safari, JavaScript dialog boxes do not indicate the Web site that created them. "This could mislead users into unintentionally disclosing information to a Web site," Apple said. "This update addresses the issue by displaying the originating site name in JavaScript dialog boxes."

WebKit contains a heap overflow that may lead to the execution of arbitrary code, Apple said, adding, "This may be triggered by content downloaded from malicious Web sites in applications that use WebKit, such as Safari. This update addresses the issue by removing the heap overflow from WebKit."

Sudo allows system administrators to grant users the ability to run specific commands with elevated privileges. "Although the default configuration is not vulnerable to this issue, custom sudo configurations may not properly restrict users," Apple said. "This update addresses the issue by incorporating Sudo version 1.6.8p9."

The system log server records syslog messages verbatim. "By supplying control characters such as the newline character, a local attacker could forge entries with the intention to mislead the system administrator," Apple said. "This update addresses the issue by specially handling control characters and other non-printable characters. This issue does not affect systems prior to Mac OS X 10.4."
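The log-forging problem described above, as an added example that is not part of the article or Apple's code: a writer that records messages verbatim lets an embedded newline produce what looks like a second record, while escaping control characters (the approach the update describes) keeps the message on one line. The line format, hostnames, process names and messages are constructed samples.

```python
"""Constructed demonstration of syslog control-character injection and the
escaping mitigation. Nothing here is taken from Apple's syslogd."""
import re

# Constructed syslog-style record layout: "<timestamp> <host> <process>: <message>"
LINE_FORMAT = "Nov 30 10:15:02 mac1 {proc}: {msg}"

# ASCII control characters (0x00-0x1F) and DEL (0x7F): the bytes a verbatim
# writer copies into the log file unchanged.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def escape_control(msg: str) -> str:
    """Replace every control character with a visible escape (\\n, \\r, \\t or \\xNN)."""
    def repl(m):
        ch = m.group(0)
        return {"\n": "\\n", "\r": "\\r", "\t": "\\t"}.get(ch, "\\x%02x" % ord(ch))
    return _CONTROL.sub(repl, msg)


def write_verbatim(proc: str, msg: str) -> str:
    """Vulnerable behaviour: the message is stored exactly as supplied."""
    return LINE_FORMAT.format(proc=proc, msg=msg)


def write_escaped(proc: str, msg: str) -> str:
    """Mitigated behaviour: control characters are made printable first."""
    return LINE_FORMAT.format(proc=proc, msg=escape_control(msg))


def parse_records(text: str) -> list:
    """Split log text into records the way an administrator's tools would: one per line."""
    return [line for line in text.split("\n") if line]


# Constructed message from an unprivileged local process. The embedded newline is
# followed by text shaped like a separate, more privileged-looking record.
FORGED_MSG = ("session opened for user guest\n"
              "Nov 30 10:15:03 mac1 sshd[200]: Accepted password for root from 10.0.0.5")


def demo() -> tuple:
    """Return (records seen with verbatim writer, records seen with escaping writer)."""
    verbatim = parse_records(write_verbatim("login[123]", FORGED_MSG))
    escaped = parse_records(write_escaped("login[123]", FORGED_MSG))
    return len(verbatim), len(escaped)
```

Run `demo()`: the verbatim writer yields two records, the second of which an administrator reading the file would attribute to sshd, while the escaping writer yields one record with a literal `\n` in it.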
