Apple Mega-patch Fixes 22 Flaws

Apple Computer has shipped a monster security update to correct a total of 22 vulnerabilities in its Mac OS X operating system.

The Cupertino, Calif, company’s patch batch includes a fix for a critical Wi-Fi flaw affecting eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems.

The Wi-Fi flaw, first exposed at the beginning of the Month of Kernel Bugs project, was discovered and reported by Metasploit’s HD Moore.

Apple confirmed that the issue is a heap buffer overflow that exists in the AirPort wireless driver’s handling of probe response frames.

“An attacker in local proximity may be able to trigger the overflow by sending maliciously crafted information elements in probe responses,” the company said in its advisory. The flaw does not affect systems with the AirPort Extreme card.

Click here to read more about the original warning about the Apple Wi-Fi vulnerability.

Four vulnerabilities in the ATS (Apple Type Services) server were also covered, the most serious being a stack buffer overflow in font processing that could cause code execution attacks.

“By carefully crafting a corrupt font file, an attacker can trigger the buffer overflow which may lead to a crash or arbitrary code execution with system privileges,” the company warned, nothing that font files are processed when opened or previewed in Finder.

Building an Integrated IT Security Strategy for 2007: eSeminars invites you to join this virtual tradeshow on November 30, and learn how to reduce security costs and mitigate the risks associated with users and their access rights across your entire organization. Click here for more.

A separate code execution bug in Finder was also fixed. Apple said the vulnerability could lead to a Mac OS X hijack even if the target user is simply browsing a shared directory.

“By enticing a user to browse a directory containing a maliciously crafted ‘.DS_Store’ file, an attacker may be able to trigger the overflow. This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder,” the advisory said.

The update provides fixes for four Security Framework flaws, a bug in WebKit, a ClamAV vulnerability and a bug in CFNetwork.

It also covers a hole in FTPd that occurs when FTP access is enabled; a GNUzip bug that occurs when files are uncompressed; an Installer vulnerability that could lead to privilege escalation attacks; and multiple holes in OpenSSL, PHP, Perl, PPP (Point-to-Point Protocol), Samba and VPN.

Check out’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.