Apple patch batch fixes 17 Mac OS X vulnerabilities

Summary: The latest mega update is the fifth from Apple this year and brings the patch total for 2007 up to 109.

Apple has shipped a Mac OS X update with patches for a total of 17 potentially serious security vulnerabilities.

The latest mega update is the fifth from Apple this year and brings the patch total for 2007 up to 109.

With Security Update 2007-005, Apple is fixing a host of denial-of-service and arbitrary code execution issues affecting several built-in Mac OS X components.

One of the more serious vulnerabilities, in CoreGraphics, could allow an attacker to use a rigged PDF file to launch code execution attacks. This is caused by an integer overflow vulnerability in the way PDF files are handled.

"By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple warned in an advisory.

Another potentially serious buffer overflow was identified in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code that iChat uses to create port mappings on home NAT gateways.

"By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple said.

Four different denial-of-service issues in BIND are also addressed along with holes in Alias Manager, fetchmail, file (code execution possible), mDNSResponder, PPP, ruby, screen, texinfo and VPN.

[UPDATE: May 25, 2007 @ 11:21 am]  Immunity has released exploit code for the mDNSResponder (Bonjour) vulnerability, which brings code execution risks.

Talkback

149 comments
  • That's OK

    Just wait for Leopard. It'll be their most secure, and stable OS to date.
    John Zern
  • Wow, Apple developers are impressive!

    [i]Apple has shipped a Mac OS X update with patches for a total of 17 potentially serious security vulnerabilities.[/i]

    Since the Mac zealots tell us that Apple releases patches [b]the moment they are ready[/b], we can only conclude that the developers finished all these patches at [b]exactly the same time[/b]. Impressive!
    NonZealot
    • Guess so....can you "PROVE" it otherwise?

      Not that I care mind you but you did start it now didn't you?

      Pagan jim
      Laff
      • The odds are against it.

        .
        ye
        • Granted but that is not proof nor fact.

          Pagan jim
          Laff
          • So?

            But since when does one have to prove an assertion they make? You, as an individual, can choose to believe it or not, or even disprove it if you can. The probability of it being true is so high that it would not be worth the effort to prove, if it could be, as is the probability that your question is not rhetorical.
            Kama-sama
          • In most cases almost all I do not choose to believe at all.

            I either know or I don't. But I'm not fond of belief and I think history backs me on that one...:P

            Pagan jim
            Laff
    • actually it's probably true...

      the last step before being able to distribute a patch is to get one of the bigger bosses to sign off on it, and he/she/it was probably too lazy to do them all until one day he/she/it decided to sign off on them all at the same time.
      doh123
  • Wow, OSX is SO secure!!

    [i]One of the more serious vulnerabilities, in CoreGraphics, could allow an attacker to use a rigged PDF file to launch code execution attacks.[/i]

    I thought it was a severe security flaw to have applications (like the PDF viewer) use libraries (like CoreGraphics)? After all, isn't that why IE is so bad (it uses the Trident HTML rendering library). Does this mean that the PDF viewer is embedded deep, deep, deep within OSX and can't be removed? Hmm, it would appear that OSX does exactly what all the Mac zealots tell us is so wrong with Windows!
    NonZealot
    • Seriously....

      Are you paid to post?

      No one can be so ridiculous for real.
      IAHawkeye
      • Mac flaws start to surface

        The obvious flaws are starting to surface. As more users (Sheep, drone etc..) turn themselves in and board the mac isolation bubble, hackers and security firms will start discovering how bad a mac can be. When enough bugs (won't take long) are discovered, Apple will not be able to overcharge as much for its flawed product and will just become another ordinary PC supplier selling PC for windows (or linux). There is simply no reason for a tight closed machine as a Mac. When Apple switched to Intel chip, the 1st thing mac users did was to install windows. That alone says a lot.

        Mac was never a serious computer, never and never will. Working in a prison apart from the rest of the world is not the way to go.
        Mectron
        • Overcharge?

          I'm always humoured by Windows zealots who accuse Apple of overcharging.

          Perhaps they should look at the pricing of Windows - why is it that I can buy Mac OS X for about half the price of an equivalent version of Windows? Why are there 6 separate Windows versions? Why does Microsoft's Windows business unit report an 80% profit margin?

          Overcharge? Microsoft? Heaven forbid!!

          As for hardware prices, you'll find that Apple products are no more expensive than comparable products from other PC vendors. What many Windows zealots do is look at the [b]cheapest[/b] Windows box and compare it to a Mac. Apple has never competed on price alone, they compete based on value for money. Try comparing a MacBook to a Sony Vaio with the same specs - the Sony will cost twice as much, maybe more.

          You might also note that MS has nothing to do with the low cost of PCs, their OS margin is guaranteed through volume licencing. Anyhow, the cost of Apple hardware is irrelevant to this article.
          Fred Fredrickson
          • A very typical Mac user response

            [i]why is it that I can buy Mac OS X for about half the price of an equivalent version of Windows?[/i]

            You conveniently leave out the part that the only way you can use that software is to buy a Mac, which will be costly and already have OS X on it. So why would you compare the price of OS X to Windows Vista? You can actually install Vista on the machine of your choice, including a Mac, that makes it worth more right there. But please stop with the price comparison. You are talking about the price of an upgrade and it's not really any less than the comparable Vista upgrade version. Unless for some reason you like to buy your Mac, go out and buy OS X, then reformat your machine and install it clean from the version you purchased separately? That is insane! The price of OS X is buried in the super high margin prices they charge for the same hardware that goes into all PCs now. And no, it's not a cheap windows machine compared against a Mac. I am looking at Vista Desktop that is twice the machine from Apple for under 1000 bucks. I can find many laptops that blow the macbook [b]Pro[/b] away in specs AND in price.
            xuniL_z
          • So...

            You want to buy a brand new computer rather than just Vista. Ah well, I guess you come out poorer than the guy who just buys OS X and installs it happily on their current computer.
            zkiwi
          • So.....

            I can go out and get OS X and load it on my Toshiba laptop? I can't say I'd happily load it on my Toshiba, since OS X is like a manufacturer pack. Since Apple is a computer company like Dell the software they ADD is just so the machine has something to start with, hence OS X on Macs, and all the crapware on Dells.

            Even Mac users then buy Windows, so you are saying buying a 3000.00 Mac, then purchasing the FULL version of Vista separately is the cheaper route for those that want state of the art equipment? Wow, you are quite touched.
            xuniL_z
          • I think you need

            One of those gps driving things. You completely missed the turn.
            zkiwi
          • You forgot the part where part of the price is shunted

            to the hardware.

            A 400 dollar computer with a 300 dollar OS costs 700 total .

            a 550 dollar computer with a 150 dollar OS costs 700 total.

            I don't see the difference.
            John Zern
          • See with open eyes

            The difference is in your arbitrary choice of numbers to result in a sum of the same number. From where do you attribute each price?

            From the minimal information you gave, I'll attempt to form a proper response. Assuming the first one is a PC/Windows combination, I'll further assume that the $300 OS is some version of Ultimate despite that not being the correct price (but closest). It is unlikely that someone who needs the functionality of Ultimate will buy a $400 PC, and furthermore such a cheap computer will probably not even run Ultimate well.

            But the above is moot if the OS comes installed on the PC, as OEM prices are greatly reduced.
            Kama-sama
          • $600 Cdn. for osx's version of REMOTE DESKTOP...

            ...that's FREE with xppro.
            Feldwebel Wolfenstool
        • Heeheheh

          Stay off the bottle man....... it's no good for you.
          IAHawkeye