Apple patches Pwn2Own flaw in massive Mac OS X update

Summary: Apple has shipped another Mac OS X mega-update with fixes for 54 security vulnerabilities, including one that was used to hijack an iPhone 4 device at this year's CanSecWest Pwn2Own hacker challenge.

The Pwn2Own vulnerability, exploited by researchers Charlie Miller and Dion Blazakis, was originally billed as a flaw in MobileSafari but Apple says the issue exists in the way QuickLook handles Microsoft Office files.

A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.

During the Pwn2Own hack, Miller used the iPhone 4's built-in Safari browser to surf to a rigged Web site hosting a Microsoft PowerPoint document. Once the document was opened, Miller was able to launch the exploit and hijack the iPhone's address book.

The new Mac OS X v10.6.7, which should be treated as a high-priority update, also fixes numerous issues that could allow remote code execution attacks via rigged image or font files.

Some examples of the more serious vulnerabilities:

  • AppleScript: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.
  • ATS: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution; Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CoreText: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • ImageIO: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution; An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution; A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  • Installer: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple.
  • QuickLook: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
  • QuickTime: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution; An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution; A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution.

Talkback

85 comments
  • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

    54 security vulnerabilities? Yikes!
    Loverock Davidson
    • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

      @Loverock Davidson
      Yikes indeed, not to take away from Microsoft or Linux flaws, but didn't Mac OS X get a massive number of updates just days before the Pwn2Own contest as well?

      Quote:
      With obvious eyes on this year's CanSecWest Pwn2Own hacker challenge, Apple today dropped two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices.
      Cyrorm
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @Cyrorm

        Safari was updated before Pwn2Own but not OS X. This is an OS X update
        maskman01
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @maskman01

        QuickTime is not Mac OS X yet it is listed in this Mac OS X update. But that is just arguing semantics. Obviously there were some flaws in the "Just works" OS, just like there are in all others. I just hope they weren't holding any of these fixes for more than a few weeks after they were done testing to ensure they didn't break anything else by fixing these issues.
        Cyrorm
      • Apple does not hold onto fixes

        @Cyrorm
        They aren't like Microsoft that holds onto fixes until some predefined date. Apple releases patches as soon as they are ready. That is why you never know when the next patch is going to drop.
        edtimes
      • LOL! It's funny you actually believe this!

        @Cyrorm: [i]Apple releases patches as soon as they are ready.[/i]

        Because we know that 54 patches were all ready on the exact same date!

        [i]That is why you never know when the next patch is going to drop.[/i]

        Which I consider unfortunate.
        ye
      • Do you have proof they weren't?

        [i]Because we know that 54 patches were all ready on the exact same date[/i]

        How do you know they weren't? Apple has publicly stated that they don't sit on patches and the record is a perfect one: Apple has never been hit with an exploit.

        [i]Which I consider unfortunate.[/i]

        No, it keeps the bad guys guessing. This is a good thing. Again, Apple's security record is perfect so it is obviously working.
        edtimes
      • Common sense.

        @edtimes: [i]How do you know they weren't?[/i]

        Something that is absent in Mac fanboys.

        [i]Apple has publicly stated that they don't sit on patches and the record is a perfect one: Apple has never been hit with an exploit.[/i]

        Another Apple fanboy equating lack of attention to the platform with security.

        [i]No, it keeps the bad guys guessing.[/i]

        PWN2OWN would suggest otherwise.

        [i]This is a good thing. Again, Apple's security record is perfect so it is obviously working.[/i]

        If by "maintaining a low market share" then yes, I would agree with you. Their security strategy is working quite well.
        ye
      • iPad has a huge marketshare

        iPad's marketshare is bigger than Windows 7's marketshare yet Windows 7 gets hit by FAR more malware than iPad does. Poof: there goes the marketshare argument!
        edtimes
      • LOL! It's funny you actually believe that too!

        @edtimes: [i]iPad's marketshare is bigger than Windows 7's marketshare yet Windows 7 gets hit by FAR more malware than iPad does. Poof: there goes the marketshare argument![/i]

        You're grasping. I must say as the fanboys go you're one of the top cheerleaders!
        ye
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @edtimes
        >>iPad's marketshare is bigger than Windows 7's marketshare
        Could you please prove it.
        Ram U
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @Cyrorm yes they did, but the contest didn't allow any browser or platform updates after a certain date which was prior to the event. This was done to keep all OS and browsers on the same series of updates.
        apetti
      • @Rama: Happily

        [i]Could you please prove it.[/i]

        iPad has something like 95% marketshare.

        Windows 7 has something like 20% marketshare.

        iPad has no malware attacking it.

        Windows 7 has more than 100,000 pieces of malware attacking it.

        Marketshare argument countered. Case closed.
        edtimes
      • Try comparing like to like.

        @edtimes: One can only install applications on the iPad through Apple and only after they've been vetted by Apple. Not so for Windows (or OS X for that matter).

        Your desperation isn't helping you.

        [i]Windows 7 has more than 100,000 pieces of malware attacking it.[/i]

        Really? That's Windows 7 specific malware which only targets Windows 7 and not all versions of Windows combined? Can you show me the data supporting these numbers?
        ye
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @edtimes

        For an Apple Fanboy you must be riding the short bus. You're trying to compare the iPad to Windows 7. ROFL! That's two different worlds. Tablet vs Operating System? ROFL!
        Username894
      • RE: Apple zealots claim iPad has a huge marketshare

        @edtimes
        You claim: [i]"iPad's marketshare is bigger than Windows 7's marketshare yet Windows 7 gets hit by FAR more malware than iPad does. Poof: there goes the marketshare argument!"[/i]

        Talk about grasping at straws! Talk about denial! Talk about ignorance!

        For the record, these OS X v10.6.7 security patches did NOT make it yet into iOS which still is vulnerable! Duh.

        And Windows 7 has sold over 300 million copies versus 15 million for the iPad. Duh!

        Finally Windows 7 is much more robust than OS X even after these 54 critical vulnerability patches.

        Just as Pwn2Own demonstrated for 4 years in a row...

        [i]~~~~~~~~~~
        I can stand brute force, but brute reason is quite unbearable. There is something unfair about its use. It is hitting below the intellect.
        ~ Oscar Wilde

        It is impossible to make people understand their ignorance; for it requires knowledge to perceive it and therefore he that can perceive it hath it not.
        ~ Jeremy Taylor (1613 - 1667) [/i]
        WinTard
      • I had a feeling Micro$oft was involved

        [i]A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.[/i]

        Now they're spreading their germs to Apple. lol...
        LTV10
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @Cyrorm
        I updated my up until then fully patched Snow Leopard iMac with something like 575mb worth of patches a couple or three weeks before CanSecWest, then a week later had another smaller update. I remember the patch being larger than the SP1 on my Win7 computer.
        michael56555@...
      • RE: Apple patches Pwn2Own flaw in massive Mac OS X update

        @Cyrorm

        You said "didn't Mac OS X get a massive number of updates just days before the Pwn2Own"

        I said: "Safari was updated"

        My point was merely that a Mac and Windows app (Safari) was updated, and not OS X (which is an OS).
        maskman01
      • LTV10. Thanks for emphasizing the Apple software flaw.....

        by making your typical circa 1995 ABM joke.

        [i]memory corruption issues existed in QuickLooks[/i]

        Yeah, boy, Apple has a firecracker team of devs. Wooo weee.

        OS X is one giant scab holding on with band-aids 1000 layers deep.
        LOL.
        xuniL_z