Apple monster update fixes 41 Mac OS X, Safari vulnerabilities

Apple today released a monster update to provide belated cover for at least 41 security holes in its flagship Mac operating system.

With Security Update 2007-008 and Mac OS X v10.4.11, Apple patches multiple "highly critical" flaws that could cause unexpected system shutdowns, drive-by-malware downloads and remote code execution attacks.

The company also shipped a new version of Safari for Windows (beta) to patch 10 browser vulnerabilities affecting Windows XP and Vista users.

Some of the most serious vulnerabilities include:

CVE-2007-4691: A case-sensitivity issue exists in NSURL when determining if a URL references the local file system. This may cause a caller of the API to make incorrect security decisions, potentially leading to the execution of files on the local system or network volumes without appropriate warnings.

CVE-2007-4689: A double-free issue exists in the handling of certain IPv6 packets, which may lead to an unexpected system shutdown or arbitrary code execution with system privileges.

CVE-2007-4690: A double-free issue in NFS may be triggered when processing an AUTH_UNIX RPC call. By sending a maliciously crafted AUTH_UNIX RPC call via TCP or UDP, a remote attacker may cause an unexpected system shutdown or arbitrary code execution.

CVE-2007-4681: A one-byte buffer overflow may occur in CoreFoundation when listing the contents of a directory. By enticing a user to read a maliciously crafted directory hierarchy, an attacker may cause an unexpected application termination or arbitrary code execution.

CVE-2007-4682: An uninitialized object pointer vulnerability exists in the handling of text content. By enticing a user to view maliciously crafted text content, an attacker may cause an unexpected application termination or arbitrary code execution.
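
The class of mistake behind CVE-2007-4691, as an added illustration (not Apple's code and not part of the original article): URL schemes are case-insensitive under RFC 3986, so a byte-exact comparison against "file:" classifies "FILE:" as non-local and the caller skips its warning. The NSURL internals are not described on the page; the function names and sample URLs below are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: byte-exact match, so "FILE:" is not seen as a file URL. */
int is_file_url_case_sensitive(const char *url) {
    return strncmp(url, "file:", 5) == 0;
}
/* Copy the lowercased RFC 3986 scheme into out; 0 means no valid scheme
   (bad character, missing ':' or scheme too long for the buffer). */
size_t parse_scheme(const char *url, char *out, size_t outlen) {
    size_t i = 0;
    if (!isalpha((unsigned char)url[0])) return 0;
    for (; url[i] != '\0' && url[i] != ':'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (i + 1 >= outlen) return 0;
        if (!(isalnum(c) || c == '+' || c == '-' || c == '.')) return 0;
        out[i] = (char)tolower(c);
    }
    if (url[i] != ':') return 0;
    out[i] = '\0';
    return i;
}
/* Corrected pattern: normalise the scheme first, then compare. */
int is_file_url(const char *url) {
    char s[16];
    return parse_scheme(url, s, sizeof s) == 4 && strcmp(s, "file") == 0;
}
/* Constructed sample URLs (hypothetical hosts and paths). */
static const char *SAMPLES[] = {
    "file:///Applications/Example.app",
    "FILE:///Applications/Example.app",
    "File://server.example/share/tool",
    "http://example.com/file:",
    "filex:///tmp/a",
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])
/* Number of samples the two checks classify differently. */
int count_disagreements(void) {
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += is_file_url_case_sensitive(SAMPLES[i]) != is_file_url(SAMPLES[i]);
    return n;
}
int main(void) {
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-36s naive=%d normalised=%d\n", SAMPLES[i],
               is_file_url_case_sensitive(SAMPLES[i]), is_file_url(SAMPLES[i]));
    return 0;
}
```

Any code that gates a warning or a sandbox decision on "is this a local file URL" should make that decision on the normalised scheme, never on the raw string.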

The Mac OS X update also fixes a denial-of-service bug in AppleRAID, a cache-poisoning issue in ISC BIND 9, multiple race conditions in bzip2, an implementation issue in CFFTP, several CFNetwork vulnerabilities, a code execution hole in the Flash Player Plug-in, a pair of Kerberos code execution issues and several kernel vulnerabilities.

The Safari 3 Beta patch is also a high-priority update that fixes code execution holes in the browser. It is available for Windows XP and Vista.

Talkback

141 comments
  • But Apple zealots SWORE that drive bys were impossible?

    After the devastating admission that yes, there is "in-the-wild" malware actively attacking OS X users, the next fallback apology by the Mac zealots was: yeah, but drive-by remote code execution is impossible!

    > Apple patches multiple "highly critical" flaws that could cause unexpected system shutdowns, drive-by-malware downloads and remote code execution attacks.

    Seems that Apple is calling you all liars!!

    snicker, smirk :)
    NonZealot
    • Au contraire

      It merely proves that you are, as my granny used to say, "Ye numpty heid."

      From anything I've read on these forums, which you appear to avoid reading, what they keep claiming is that there are no (well, apparently there is one now) nasty wee evil softbeasties out there doing what they do.

      Next you'll be trying to convince the world that it is all the cunning plot of a penguin with an apple in its pocket to have what is known as north to be swapped with south.
      ego.sum.stig
      • Then you haven't read much.

        > From anything I've read on these forums, which you appear to avoid reading, what they keep claiming is that there are no (well, apparently there is one now) nasty wee evil softbeasties out there doing what they do.
        ye
        • Oh look...

          It's the amazing "I'm a Mac user, really I am" man!
          ego.sum.stig
          • What are you saying about Mac users?

            > It's the amazing "I'm a Mac user, really I am" man!

            Since you obviously believe it is impossible to be a Mac user and think as rationally as ye does, you are actually insulting Mac users far more than I've ever been able to. Good job!

            snicker, smirk :)
            NonZealot
          • Oh yeah, ye is just SO rational

            Just don't tell him to do a little research about known
            Windows vulnerabilities on the web with a simple Google
            search. He will deny them.

            ..and must we forget that he has been called out for
            posting false Mac system profile information,

            Oh, and it's quite funny how he is so quick to call people
            Mac Zealots but never says a word about the Windows
            Zealots.

            Uh-huh, he is right up your alley in terms of
            "rationality", you two seem to work well together. Nice
            try!
            Kid Icarus-21097050858087920245213802267493
          • I see you don't know the difference between...

            ...a vulnerability and an exploit.

            > Just don't tell him to do a little research about known
            > Windows *vulnerabilities* on the web with a simple Google
            > search. He will deny them.

            Nowhere have I ever denied vulnerabilities exist. Actually I've never denied exploits
            exist either. With that said not sure what point you were trying to make.
            ye
          • Well...

            What would you know about thinking rationally?
            ego.sum.stig
          • LOL as I type this on my MacBook

            Just can't accept that a Mac user stepped out of line with the rest of the herd and
            actually thinks for himself.
            ye
          • A Macbook?

            Considering your opinion on them I'd have thought you would have called it a crackbook.

            But then there's not a lot of sense to be had from you when all you do is shovel the proverbial about Macs.
            ego.sum.stig
          • You must have me confused for someone else.

            I challenge you to quote me where I've "shoveled the proverbial about Macs".
            ye
          • cool...MAC on MAC crime

            Mac1: We're Macs..we're invulnerable
            Mac2: Still we should be careful
            Mac1: Why, we're Macs..we're invulnerable
            Mac2: We should still watch where we are going. We're in the minority so no one is really paying attention to us right now.
            Mac1: You're not a Mac, we're invulnerable
            Mac2: I am too a Mac
            Mac1: No you're not.
            Mac2: Am too
            Mac1: Not!
            Yax_to_the_Max
          • Not once

            have I seen the prior poster say anything negative about a Mac, that wasn't genuinely true anyway, and even then he's done so in a manner unlike that of the ABM crowd.
            I think you are confusing the fact he dislikes other Mac users who are completely subjective and quite honestly blinded by an OS to the point of defending it like Steve Jobs was their Father. Well, that could be the case many times, that's hard to know but quite possible.

            In any case, you've completely missed the point and apparently lack any reading comprehension. The biggest irony, however is you accuse those most objective of your own behavior.
            Your Granny was right about you.
            xuniL_z
      • Blinders are bliss

        You have a great set.
        Crestview
    • I don't know who's dumber

      The zealots for making the crazy claims or you for listening to them.
      magcomment
      • yeah, NonZealot...

        I don't believe NonZealot is really stupid enough to believe half of the junk he writes... he just likes making things up to try to make people upset...
        doh123
    • Outside of your fevered brain

      no one has said impossible. What they have said is that the current malware is NOT
      drive-by. To date there is no drive-by in the wild.

      Fact. OS X is still the more secure operating system. Deal with it.
      frgough
      • you left something unsaid

        > To date there is no drive-by in the wild.

        That you know of.

        > Fact. OS X is still the more secure operating system. Deal with it.

        No argument there, I'm just not sure that will always be the case.
        Badgered
        • RE: you left something unsaid

          ...Fact. OS X is still the more secure operating system. Deal with it...

          Between OS X and WinXP/Vista, perhaps. Between OS X and many Linux/BSD/Solaris distros, definitely not!
          joe6pack_z
      • Watch

        The pace is going to pick up rapidly for you Mac home-boys as the OS gains "popularity" (smirk). Once the code breakers and hackers turn attention to pOSX, your dream date is all gone. Deal with it.
        Crestview