Hefty security fix for Apple Mac OS X, Safari |
 |
By Bill Brenner, Senior News Writer
15 Nov 2007 | SearchSecurity.com |
|
|
Apple Inc. released a massive security update Wednesday, fixing flaws attackers could exploit in Mac OS X and Safari to infect machines with malware and cause system crashes.
Apple Security Update 2007-008 addresses some 41 vulnerabilities, including the following:
An input validation issue in Adobe Flash Player attackers could exploit to launch malicious code by tricking the user into opening maliciously crafted Flash content. Apple has updated Adobe Flash Player to version 9.0.47.0 to fix the problem.
A null pointer dereference issue in AppleRAID that may be triggered when mounting a striped disk image. Attackers could exploit this to cause an unexpected system shutdown. Apple noted that Safari will automatically mount disk images when "Open `safe' files after downloading" is enabled. This update addresses the issue by performing additional validation of disk images.
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during the creation of DNS query IDs when answering resolver questions or sending NOTIFY messages to slave name servers. This makes it easier for remote attackers to guess the next query ID and perform DNS cache poisoning. This update addresses the issue by improving the random number generator.
An implementation issue exists in the File Transfer Protocol (FTP) portion of CFNetwork. By sending maliciously crafted replies to FTP PASV (passive) commands, FTP servers are able to cause clients to connect to other hosts. This update addresses the issue by performing additional validation of IP addresses.
An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then redirect the user to a spoofed Web site rigged with malware. Attackers could exploit this to collect user credentials and other information. This update addresses the issue through improved validation of certificates.
A null pointer dereference issue exists in the CFNetwork framework. By tricking a user into using a vulnerable application to connect to a malicious server, an attacker could crash the application. This update addresses the issue by performing additional validation of HTTP replies.
A one-byte buffer overflow may occur in CoreFoundation when listing the contents of a directory. By enticing a user to read a maliciously crafted directory hierarchy, an attacker could crash an application or launch malicious code. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.
An uninitialized object pointer vulnerability exists in the handling of text content. By tricking a user into viewing maliciously crafted text content, an attacker could crash an application or launch malicious code. This update addresses the issue by performing additional validation of object pointers.
Attackers could exploit format string and tabbed browsing implementation errors in Safari by tricking a user into opening a download file with a maliciously crafted name. By doing this, the attacker could crash the application or launch malicious code. This update addresses the issue through improved handling of format strings and improved handling of authentication sheets.
|
|
|
|
