Apple Computer Inc. released a massive security update Tuesday, fixing 22 flaws in its Mac OS X operating system.
But the Cupertino, Calif.-based company did fix the first flaw unveiled as part Month of Kernel Bugs, a heap buffer overflow caused by how its AirPort wireless driver handles probe response frames. The flaw, which affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems equipped with an original AirPort card, was discovered by H.D. Moore, developer of the popular Metasploit security tool.
"An attacker in local proximity may be able to trigger the overflow by sending maliciously-crafted information elements in probe responses," Apple said in its advisory.
Other issues addressed in Apple's security update include:
- Several flaws in the Apple Type Services (ATS) server, the most serious of which is a stack buffer overflow that attackers could exploit to launch malicious code.
- A heap buffer overflow may be triggered when the Finder is used to browse a directory containing a corrupt ".DS_Store" file. "By enticing a user to browse a directory containing a maliciously-crafted '.DS_Store' file, an attacker may be able to trigger the overflow," Apple said. "This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder."
- A flaw in FTPd that surfaces when FTP access is enabled. "When attempting to authenticate a valid user, the FTP server may crash during a failed login attempt," Apple said. "The crash does not occur when attempting to authenticate unknown users. This behavior can be used to determine if an account name is valid."
- Four flaws in the Security Framework program.
Though many consider it a more secure alternative to Microsoft Windows, Mac OS X has come under intense scrutiny in recent months. Earlier this year, the Mac was targeted by malicious code for the first time.
In August all eyes were again on Mac security when researchers David Maynor and Jon "Johnny Cache" Ellch showed attendees a video in which Maynor used a Dell Inc. laptop to compromise a MacBook in about 60 seconds, just by targeting its wireless card and wireless device driver.