Apple Patches 17 Bugs

Apple on May 24 released patches for 17 vulnerabilities spanning a host of technologies and a slew of potential unpleasantness: from system takeover to denial of service to password snatching.

The patches can be downloaded automatically by enabling Software Update or they can be downloaded at Apple’s download site.

One of the worst bugs, found in CoreGraphics on Mac OS X v10.4.9 and Mac OS X Server v10.4.9, can lead to system capture or the application shutting down. This vulnerability doesn’t affect systems earlier than Mac OS X v10.4.

Click here to read about more security holes in Mac OS X.

CoreGraphics is graphics technology; the name is often used interchangeably with the term “Quartz,” which refers to two Mac OS X technologies found within the CoreGraphics framework.

For an exploit of CoreGraphics to be successful, a targeted user has to open a maliciously crafted PDF file. The vulnerability involves an integer overflow in the handling of PDF files. Opening the malicious PDF will trigger the overflow.

Another bad bug exists in the file command line tool in Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. This vulnerability manifests itself when running the file command on a maliciously crafted file, which can lead to an application quitting or a system being taken over.

The file flaw has to do with a heap buffer overflow in the file command line tool.

Here are the other vulnerabilities:

Alias Manager

Affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

Impact: Users may be misled into opening a substituted file.

Due to implementation issues, Alias Manager under certain circumstances won’t show identically named files contained in identically named mounted disk images. By enticing a user to mount two identically named disk images, an attacker could mislead the user into opening a malicious program, according to Apple.

BIND

There are four vulnerabilities in BIND in Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. The worst can lead to a remote DoS (denial of service).

crontabs

The daily/tmp cleanup script may lead to a DoS in Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

When the daily cleanup script is executed, Filesystems mounted in the /tmp directory may be deleted, which may lead to a DoS.

fetchmail

Users can be tricked into disclosing their passwords because of a cryptographic weakness in Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

iChat

An attacker on a local network can cause a DoS or execute arbitrary code due to a buffer overflow vulnerability in the UPnP IGD (Internet Gateway Device) Standardized Device Control Protocol code used to create Port Mappings on home NAT gateways in iChat. The exploit works by sending a maliciously crafted packet that triggers the overflow. This bug affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

mDNSResponder

An attacker on a local network can cause DoS or execute arbitrary code due to a buffer overflow vulnerability in the UPnP IGD Standardized Device Control Protocol code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow. The patch is for Mac OS X v10.4.9 and Mac OS X Server v10.4.9; versions prior to Mac OS X v10.4 aren’t affected.

PPP

This vulnerability, which allows local users to obtain system privileges, is found in the PPP daemon when loading plug-ins via the command line. This one affects Mac OS X v10.4.9 and Mac OS X Server v10.4.9 but no systems prior to Mac OS X v10.4.

Ruby

The Ruby CGI library has a DoS vulnerability in its CGI library. An attacker can trigger a situation that could lead to a DoS by sending maliciously crafted HTTP requests to a Web application using cgi.rb. The patch is for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

Screen

GNU Screen has multiple DoS vulnerabilities in its screen command tool. This affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. GNU has more information on its site.

texinfo

A file-handling issue in texinfo may allow arbitrary files to be overwritten. The vulnerability may allow a local user to create or overwrite files with the privileges of a user running texinfo. This affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

VPN

The vpnd command has a format string vulnerability. Local users can trigger it with maliciously crafted arguments, which can lead to system takeover. This affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK’s Security Watch blog.