Apple plugs 28 Mac OS X security holes

Summary: In some cases, a hacker could take complete control of an affected Mac OS X machine if a user is lured to a malicious Web site or views a rigged movie file.

Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.

The update, which includes fixes for the Adobe Flash Player plugin and several open-source components, is rated highly-critical because it exposes Mac OS X users to remote code execution attacks.

In some cases, a hacker could take complete control of an affected machine if a user is lured to a malicious Web site or views a rigged movie file.

Here's the skinny on the most serious issues fixed in this Security Update 2010-004 / Mac OS X v10.6.4 bundle:
  • Flash Player plug-in: Multiple vulnerabilities exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2.
  • Help Viewer: A cross-site scripting issue exists in Help Viewer's handling of help: URLs. Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain. This may lead to information disclosure or arbitrary code execution. This issue is addressed through improved escaping of URL parameters in HTML content. This issue does not affect systems prior to Mac OS X 10.6.
  • ImageIO: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking.
  • ImageIO: A memory corruption exists in the handling of MPEG2 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG2 encoded movie files.
  • Kerberos: A double free issue exists in the renewal or validation of existing tickets in the KDC process. A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved ticket handling.
  • libcurl: A buffer overflow exists in libcurl's handling of gzip-compressed web content. When processing compressed content, libcurl may return an unexpectedly large amount of data to the calling application. This may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by ensuring that the size of data blocks returned to the calling application by libcurl adheres to documented limits.
  • Network Authorization: A format string issue exists in the handling of afp:, cifs:, and smb: URLs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of afp:, cifs:, and smb: URLs. This issue does not affect systems prior to Mac OS X v10.6.
  • Printing: An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. A local or remote user with access to the printer may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
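Two of the entries above (the ImageIO TIFF handling and the cgtexttops page-size calculation) describe the same defect class: a size computed from attacker-supplied header fields overflows its integer type, so the code allocates a buffer far smaller than it then writes. The following C program is an added illustration of that class and of the "improved bounds checking" fix, not Apple's code or the code of any of the components named in the advisory. The 12-byte header layout (width, height, bytes-per-pixel as little-endian uint32), the 256 MiB cap and all sample headers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example (not Apple's or any real image library's code):
 * an image header is width, height and bytes-per-pixel, each a
 * little-endian uint32. MAX_IMAGE_BYTES is an assumed sanity limit. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

struct img_header { uint32_t width, height, bpp; };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 if the input is shorter than one header. */
int parse_header(const uint8_t *buf, size_t len, struct img_header *h)
{
    if (len < 12) return -1;
    h->width  = le32(buf);
    h->height = le32(buf + 4);
    h->bpp    = le32(buf + 8);
    return 0;
}

/* Vulnerable form: the 32-bit product wraps modulo 2^32. A header claiming
 * 2^30 x 4 pixels at 4 bytes each yields a size of 0, so the allocation is
 * tiny and a row-copy loop driven by width/height overruns it on the heap. */
uint32_t naive_buffer_size(const struct img_header *h)
{
    return h->width * h->height * h->bpp;
}

/* Hardened form: reject zero or absurd fields, test each multiplication
 * against SIZE_MAX before performing it, and cap the final size. */
int checked_buffer_size(const struct img_header *h, size_t *out)
{
    size_t rowbytes, total;
    if (h->width == 0 || h->height == 0 || h->bpp == 0 || h->bpp > 16) return -1;
    if (h->width > SIZE_MAX / h->bpp) return -1;
    rowbytes = (size_t)h->width * h->bpp;
    if (h->height > SIZE_MAX / rowbytes) return -1;
    total = rowbytes * h->height;
    if (total > MAX_IMAGE_BYTES) return -1;
    *out = total;
    return 0;
}

/* Allocates a zeroed pixel buffer only when the header passes every check;
 * returns NULL (and leaves *size_out untouched) otherwise. Caller frees. */
uint8_t *alloc_pixels(const uint8_t *buf, size_t len, size_t *size_out)
{
    struct img_header h;
    size_t n;
    if (parse_header(buf, len, &h) != 0) return NULL;
    if (checked_buffer_size(&h, &n) != 0) return NULL;
    *size_out = n;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed headers: 640x480x4 (benign) and 2^30 x 4 x 4 (wraps). */
    const uint8_t good[12] = {0x80, 0x02, 0, 0, 0xE0, 0x01, 0, 0, 4, 0, 0, 0};
    const uint8_t bogus[12] = {0, 0, 0, 0x40, 4, 0, 0, 0, 4, 0, 0, 0};
    struct img_header h;
    size_t n = 0;
    uint8_t *px;

    parse_header(bogus, sizeof bogus, &h);
    printf("naive size for bogus header: %u bytes\n", naive_buffer_size(&h));

    px = alloc_pixels(good, sizeof good, &n);
    printf("benign header: %s (%zu bytes)\n", px ? "accepted" : "rejected", n);
    free(px);

    px = alloc_pixels(bogus, sizeof bogus, &n);
    printf("bogus header: %s\n", px ? "accepted" : "rejected");
    free(px);
    return 0;
}
```

The division-based checks are portable C; on GCC and Clang `__builtin_mul_overflow` expresses the same intent more directly. The explicit cap matters independently of the overflow check: even a product that fits in `size_t` can be large enough to exhaust memory, and an upper bound on what a decoder will ever allocate is cheap to enforce.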

As always, the security update may be obtained from the Software Update pane in System Preferences, or from Apple's Software Downloads web site.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
