Focus on Apple
Apple releases Mac OS X 10.5.3 and Security Update 2008-003 May 29 2008 12:40AM
Todd Woodward (todd_woodward symantec com)
Apple today released Mac OS X 10.5.3, Mac OS X Server 10.5.3 and
Security Update 2008-003.

The updates address the following potential issues:

(Please insert "potential", "could" and "may" where appropriate.)

AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a folder
designated for sharing
Credit: Alex deVries and Robert Rich

Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.

AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.

ATS
Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College

CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts

CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.

CoreGraphics
Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers

CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook

CUPS
Issue: Information disclosure
Solution: Validation of environment variables

Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0

Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting

iCal

Issue: Vulnerability to unexpected application termination or arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies

International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."

Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files

ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.

Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures

LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition

Mail

Issue: IPv6 vulnerability leading to unexpected application termination,
information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University

ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4

Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute

Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

Detailed information can be obtained from Apple's Knowledge Base:

http://support.apple.com/kb/HT1141
http://support.apple.com/kb/HT1897

###

Todd D. Woodward
Team Coordinator
Technical Support Engineer
NetBackup Data Protection Group
Symantec Corporation
www.symantec.com
Springfield, Oregon

Office: 541-335-7441

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus