Apple patch batch fixes 17 Mac OS X vulnerabilities

Summary: The latest mega update is the fifth from Apple this year and brings the patch total for 2007 up to 109.

Apple has shipped a Mac OS X update with patches for a total of 17 potentially serious security vulnerabilities.

With Security Update 2007-005, Apple is fixing a host of denial-of-service and arbitrary code execution issues affecting several built-in Mac OS X components.

One of the more serious vulnerabilities, in CoreGraphics, could allow an attacker to use a rigged PDF file to launch code execution attacks. This is caused by an integer overflow vulnerability in the way PDF files are handled.

"By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple warned in an advisory.

Another potentially serious buffer overflow was identified in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code that iChat uses to create port mappings on home NAT gateways.

"By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple said.

Four different denial-of-service issues in BIND are also addressed along with holes in Alias Manager, fetchmail, file (code execution possible), mDNSResponder, PPP, ruby, screen, texinfo and VPN.

[UPDATE: May 25, 2007 @ 11:21 am] Immunity has released exploit code for the mDNSResponder (Bonjour) vulnerability, which brings code execution risks.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
