Monster fix for Mac OS X, QuickTime

By Bill Brenner, Senior News Writer
12 May 2006 | SearchSecurity.com


Apple Computer Inc. released security updates for more than 25 flaws in Mac OS X and 12 vulnerabilities in QuickTime Thursday evening. Attackers could exploit these to cause a denial of service, run malicious commands, disclose sensitive data or circumvent security restrictions.

In two of its advisories, the French Security Incident Response Team (FrSIRT) identified 31 separate vulnerabilities in Mac OS X and 12 in QuickTime. The vulnerability tracking firm rated both security updates critical.

Security holes in Mac OS X include:

  • An error in the "NSSecureTextField" class that fails to properly re-enable secure event input when switching between text input fields, which could cause characters entered into a secure text field to be read by other applications in the same window session.
  • An integer overflow error in CFNetwork when handling chunked transfer encoding, which malicious Web sites could exploit to compromise vulnerable systems.
  • Integer overflow, format string and memory corruption errors in ClamAV, which attackers could exploit to execute arbitrary commands or cause a denial of service.
  • An error in Mail when handling enriched text e-mail messages containing invalid color information, which attackers could exploit to execute arbitrary commands via a malicious e-mail message.
  • An error in MySQL that doesn't properly set the root password during the initial setup, which could allow local users to gain access to a vulnerable database with full privileges.
  • An error in Safari that does not properly validate downloaded archives before they are automatically expanded when the "Open safe files after downloading" option is enabled. Attackers could exploit this to compromise a vulnerable system via a malicious archive containing a symbolic link.

Security holes in QuickTime include:

  • An integer overflow error when processing malformed .jpg images, which attackers could exploit to execute arbitrary commands via a malicious Web page.
  • An integer overflow error when handling malformed QuickTime movies, which attackers could exploit to execute arbitrary commands via a malicious Web page.
  • A buffer overflow error when processing malformed QuickTime movies, which attackers could exploit to compromise a vulnerable system by tricking a user into visiting a specially crafted Web page.
  • A buffer overflow error when processing malformed Flash movies, which attackers could exploit to execute arbitrary commands via a malicious Web page.