Apple patches dangerous Mac flaws

By SearchSecurity.com Staff 29 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Apple on Wednesday issued updates to its product line, repairing flaws in the Mac OS X and OS X Server that could be exploited by an attacker to gain access to sensitive files.

In all, more than 40 fixes were released. The Cupertino, Calif.-based company issued the latest Leopard edition, Mac OS X version 10.5 and also included the Apple security update for Mac OS X version 10.4.11 and Mac OS X Server version 10.4.11.

The update is available from the Mac Software Update control panel or as a download from Apple's Web site.

It repairs one of three flaws in iCal discovered by Core Security Technologies. Core said "the vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application."

Apple patched what Core called the most serious of the three vulnerabilities. A potential memory corruption could be exploited by attackers by using a malicious calendar file. If successfully exploited, Apple said the flaw could lead to an unexpected application termination or arbitrary code execution.

Other fixes corrected a bug in Apple CoreGraphics, which repairs a bug in the handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution, apple said.

A bug in Apple's Safari browser was also repaired. Safari's SSL client had a problem with certificate handling that could lead to disclosure of sensitive information to unauthorized websites. This update adds a feature prompting the user before sending the certificate.

Apple also repaired a number of bugs in the way Mac OS X handles image files. An out-of-bounds memory read error, and an integer overflow in the handling error could lead to information disclosure and arbitrary code execution. Several vulnerabilities in libpng, a library used when handling Portable Network Graphics (PNG) image format files, could be exploited to cause a remote denial of service.

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method New hacking method stealthily attacks Macs with malware Apple fixes critical QuickTime flaws User provisioning and SSO for PeopleSoft- and Unix-based products Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary