Apple Mega-patch Fixes 22 FlawsBy Ryan Naraine | Posted 2006-11-28 Email Print
The monster update to Mac OS X includes a fix for a critical Wi-Fi driver flaw that was exposed during the "Month of Kernel Bugs" project.Apple Computer has shipped a monster security update to correct a total of 22 vulnerabilities in its Mac OS X operating system.
The Cupertino, Calif, company's patch batch includes a fix for a critical Wi-Fi flaw affecting eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems.
The Wi-Fi flaw, first exposed at the beginning of the Month of Kernel Bugs project, was discovered and reported by Metasploit's HD Moore.
Apple confirmed that the issue is a heap buffer overflow that exists in the AirPort wireless driver's handling of probe response frames.
"An attacker in local proximity may be able to trigger the overflow by sending maliciously crafted information elements in probe responses," the company said in its advisory. The flaw does not affect systems with the AirPort Extreme card.
Four vulnerabilities in the ATS (Apple Type Services) server were also covered, the most serious being a stack buffer overflow in font processing that could cause code execution attacks.
"By carefully crafting a corrupt font file, an attacker can trigger the buffer overflow which may lead to a crash or arbitrary code execution with system privileges," the company warned, nothing that font files are processed when opened or previewed in Finder.
A separate code execution bug in Finder was also fixed. Apple said the vulnerability could lead to a Mac OS X hijack even if the target user is simply browsing a shared directory.
"By enticing a user to browse a directory containing a maliciously crafted '.DS_Store' file, an attacker may be able to trigger the overflow. This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder," the advisory said.
The update provides fixes for four Security Framework flaws, a bug in WebKit, a ClamAV vulnerability and a bug in CFNetwork.
It also covers a hole in FTPd that occurs when FTP access is enabled; a GNUzip bug that occurs when files are uncompressed; an Installer vulnerability that could lead to privilege escalation attacks; and multiple holes in OpenSSL, PHP, Perl, PPP (Point-to-Point Protocol), Samba and VPN.