Apple patches Pwn2Own flaw in massive Mac OS X update

Summary: Apple has shipped another Mac OS X mega-update with fixes for 54 security vulnerabilities, including one that was used to hijack an iPhone 4 device at this year's CanSecWest Pwn2Own hacker challenge.


The Pwn2Own vulnerability, exploited by researchers Charlie Miller and Dion Blazakis, was originally billed as a flaw in MobileSafari, but Apple says the issue exists in the way QuickLook handles Microsoft Office files.

A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.

During the Pwn2Own hack, Miller used the iPhone 4's built-in Safari browser to surf to a rigged Web site hosting a Microsoft PowerPoint document. Once the document was opened, Miller was able to launch the exploit and hijack the iPhone's address book.

The new Mac OS X v10.6.7, which should be treated as a high-priority update, also fixes numerous issues that could allow remote code execution attacks via rigged image or font files.

[ SEE: Charlie Miller wins Pwn2Own again with iPhone 4 exploit ]

Some examples of the more serious vulnerabilities:


  • AppleScript: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.
  • ATS: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CoreText: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • ImageIO: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution. A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  • Installer: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple.
  • QuickLook: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
  • QuickTime: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution.
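Several of the fixes above are integer overflows in image and font parsers, where a size computed from attacker-controlled header fields wraps around and the allocation ends up far smaller than the data later copied into it. The following added example (not Apple's or ImageIO's code, and not the actual bug) illustrates that class on the XBM format named in the ImageIO item: a minimal parser for the `#define name_width N` / `#define name_height N` header lines, the naive 32-bit size computation, and a hardened version that rejects any header whose size would wrap or exceed a policy cap. The function names, the `MAX_BITMAP_BYTES` limit (64 MiB) and the two sample headers are all constructed for this illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on the bitmap we are willing to allocate (assumed policy: 64 MiB). */
#define MAX_BITMAP_BYTES ((size_t)1 << 26)

/* Constructed XBM headers: a benign 16x8 image and one whose dimensions make
   the 32-bit size computation wrap to zero (65536 row bytes * 524288 rows = 2^35). */
static const char SAMPLE_OK[] =
    "#define demo_width 16\n#define demo_height 8\n"
    "static unsigned char demo_bits[] = { 0x00 };\n";
static const char SAMPLE_BAD[] =
    "#define demo_width 524288\n#define demo_height 524288\n"
    "static unsigned char demo_bits[] = { 0x00 };\n";

/* Read the decimal value following `key` in the header text; returns 0 on failure. */
static int read_dim(const char *text, const char *key, uint32_t *out) {
    const char *p = strstr(text, key);
    if (!p) return 0;
    p += strlen(key);
    if (!isdigit((unsigned char)*p)) return 0;   /* rejects "-1", "+", and junk */
    char *end;
    unsigned long v = strtoul(p, &end, 10);
    if (end == p || v > UINT32_MAX) return 0;
    *out = (uint32_t)v;
    return 1;
}

/* Minimal parser for the "name_width N" / "name_height N" defines.
   Constructed for illustration; not ImageIO's parser. */
int parse_xbm_header(const char *text, uint32_t *width, uint32_t *height) {
    return read_dim(text, "_width ", width) && read_dim(text, "_height ", height);
}

/* The bug class: rows are padded to whole bytes, then multiplied by the height
   in 32-bit arithmetic. Both "width + 7" and the product can wrap, so a crafted
   header yields a tiny allocation that the pixel data then overruns. */
uint32_t unchecked_bitmap_bytes(uint32_t width, uint32_t height) {
    uint32_t row_bytes = (width + 7) / 8;
    return row_bytes * height;
}

/* Hardened variant: every step that can wrap is checked before it happens and
   the result is capped by policy. Returns 0 when the header must be rejected. */
size_t checked_bitmap_bytes(uint32_t width, uint32_t height) {
    if (width == 0 || height == 0) return 0;
    if (width > UINT32_MAX - 7) return 0;                 /* width + 7 would wrap */
    size_t row_bytes = ((size_t)width + 7) / 8;
    if (row_bytes > MAX_BITMAP_BYTES / height) return 0;  /* product too large */
    return row_bytes * (size_t)height;
}

/* Parse and size-check in one step; 0 means "reject this file". */
size_t xbm_bytes_from_header(const char *text) {
    uint32_t w, h;
    if (!parse_xbm_header(text, &w, &h)) return 0;
    return checked_bitmap_bytes(w, h);
}

int main(void) {
    const char *samples[] = { SAMPLE_OK, SAMPLE_BAD };
    for (int i = 0; i < 2; i++) {
        uint32_t w, h;
        if (!parse_xbm_header(samples[i], &w, &h)) { puts("parse error"); continue; }
        size_t safe = checked_bitmap_bytes(w, h);
        printf("%u x %u: unchecked=%u bytes, checked=%zu bytes%s\n",
               w, h, unchecked_bitmap_bytes(w, h), safe, safe ? "" : " (rejected)");
    }
    return 0;
}
```

Run as is, the benign header sizes to 16 bytes under both computations, while the crafted header makes the unchecked computation report 0 bytes and is rejected by the checked one. The same pattern (widen before multiplying, check against a cap, and refuse zero or wrapped results) is the general mitigation for the integer-overflow entries in this update, whichever file format they concern.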


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
