CyberInsecure.com

June 30th, 2008

25 Mac OS X Security Vulnerabilities Fixed in Apple’s 2008-004 Security Update

Apple has shipped a new Mac OS X update that addresses 25 documented vulnerabilities that could lead to arbitrary code execution attacks. The 2008-004 Security Update fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit.

Fixes for six highly critical vulnerabilities in Ruby, a popular open-source scripting language, are also included. The update also installs a Tomcat patch that addresses nine vulnerabilities, the most serious of which may lead to a cross-site scripting attack.

Here is the list of vulnerabilities from Apple’s security bulletin:

Alias Manager (CVE-2008-2308): A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution. This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.

CoreTypes (CVE-2008-2309): This update adds .xht and .xhtm files to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload.

c++filt (CVE-2008-2310): A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X 10.5.

Dock (CVE-2008-2314): When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password. This issue does not affect systems prior to Mac OS X 10.5.

Launch Services (CVE-2008-2311): A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the “Open ‘safe’ files” preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user’s system, resulting in arbitrary code execution. This issue does not affect systems running Mac OS X 10.5 or later.

Net-SNMP (CVE-2008-0960): An issue exists in Net-SNMP’s SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check. Additional information is available from US-CERT.

Ruby: Multiple memory corruption issues exist in Ruby’s handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays. Also, if WEBrick is running, a remote attacker may be able to access files protected by WEBrick’s :NondisclosureName option.

SMB File Server (CVE-2008-1105): A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to an SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution.

System Configuration (CVE-2008-2313): A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user. This issue does not affect systems running Mac OS X 10.5 or later.

Tomcat: Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site.

VPN (CVE-2007-6276): A divide by zero issue exists in the virtual private network daemon’s handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution.

WebKit (CVE-2008-2307): A memory corruption issue exists in WebKit’s handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2.

Updates can be retrieved and installed using Mac OS X’s integrated update feature.
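
The Launch Services entry above (CVE-2008-2311) describes a check-then-use race on a symbolic link. The following C sketch is an added example, not Apple's code or its fix: it contrasts validating a path and then opening it with opening once and validating the descriptor. The `looks_safe` policy, the function names and the temporary files are all constructed for illustration.

```c
#define _XOPEN_SOURCE 700            /* expose mkdtemp() and symlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char lnk[64], ok[64], bad[64]; /* constructed sample paths */
/* Stand-in "safe file" policy (assumption): regular file with no execute bits. */
static int looks_safe(const struct stat *st) {
    return S_ISREG(st->st_mode) && !(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH));
}
/* Models the race window: the link is re-pointed after it was first resolved. */
static void retarget(void) { unlink(lnk); if (symlink(bad, lnk)) perror("symlink"); }
/* Racy: the path is resolved twice, by stat() and then again by open(). */
int check_then_open(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !looks_safe(&st)) return -1;
    retarget();
    return open(path, O_RDONLY); /* may no longer be the object validated above */
}
/* Race-free: resolve once, then validate the descriptor that will be used. */
int open_then_check(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    retarget();
    if (fstat(fd, &st) != 0 || !looks_safe(&st)) { close(fd); return -1; }
    return fd;
}

/* 1 = opened object fails the policy (check bypassed), 0 = it passes, -1 = error. */
int demo(int race_free) {
    struct stat st;
    char tmpl[] = "/tmp/toctouXXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    snprintf(ok, sizeof ok, "%s/ok.txt", tmpl);
    snprintf(bad, sizeof bad, "%s/bad.sh", tmpl);
    snprintf(lnk, sizeof lnk, "%s/download", tmpl);
    close(open(ok, O_CREAT | O_WRONLY, 0644));
    close(open(bad, O_CREAT | O_WRONLY, 0644));
    if (chmod(bad, 0755) != 0 || symlink(ok, lnk) != 0) return -1;
    int fd = race_free ? open_then_check(lnk) : check_then_open(lnk);
    int r = (fd < 0 || fstat(fd, &st) != 0) ? -1 : !looks_safe(&st);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(ok); unlink(bad); rmdir(tmpl);
    return r;
}
int main(void) { printf("racy: %d, race-free: %d\n", demo(0), demo(1)); return 0; }
```

The descriptor returned by `open()` stays bound to the file that was resolved at that moment, so a later change to the link cannot alter what `fstat()` inspects or what the caller reads.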
