Apple patches Pwn2Own flaw in massive Mac OS X update
Summary: Apple has shipped another Mac OS X mega-update with fixes for 54 security vulnerabilities, including one that was used to hijack an iPhone 4 device at this year's CanSecWest Pwn2Own hacker challenge.
The Pwn2Own vulnerability, exploited by researchers Charlie Miller and Dion Blazakis, was originally billed as a flaw in MobileSafari but Apple says the issue exists in the way QuickLook handles Microsoft Office files.
A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.
During the Pwn2Own hack, Miller used the iPhone 4's built-in Safari browser to surf to a rigged Web site hosting a Microsoft PowerPoint document. Once the document was opened, Miller was able to launch the exploit and hijack the iPhone's address book.
The new Mac OS X v10.6.7, which should be treated as a high-priority update, also fixes numerous issues that could allow remote code execution attacks via rigged image or font files.
Some examples of the more serious vulnerabilities:
- AppleScript: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.
- ATS: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution; Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CoreText: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- ImageIO: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution; An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution; A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
- Installer: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple.
- QuickLook: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
- QuickTime: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution; An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution; A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution.
Talkback
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
Quote:
With obvious eyes on this year's CanSecWest Pwn2Own hacker challenge, Apple today dropped two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices.
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
Safari was updated before Pwn2Own but not OS X. This is an OS X update
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
Quicktime is not Mac OS X yet it is listed in this Mac OS X update. But that is just arguing semantics. Obviously there were some flaws in the "Just works" OS, just like there are in all others. I just hope they weren't holding any of these fixes for more than a few weeks after they were done testing to ensure they didn't break anything else by fixing these issues.
Apple does not hold onto fixes
They aren't like Microsoft that holds onto fixes until some predefined date. Apple releases patches as soon as they are ready. That is why you never know when the next patch is going to drop.
LOL! It's funny you actually believe this!
Do you have proof they weren't?
How do you know they weren't? Apple has publicly stated that they don't sit on patches and the record is a perfect one: Apple has never been hit with an exploit.
"Which I consider unfortunate."
No, it keeps the bad guys guessing. This is a good thing. Again, Apple's security record is perfect so it is obviously working.
Common sense.
iPad has a huge marketshare
LOL! It's funny you actually believe that too!
You're grasping. I must say as the fanboys go you're one of the top cheerleaders!
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
>>iPad's marketshare is bigger than Windows 7's marketshare
Could you please prove it.
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
@Rama: Happily
iPad has something like 95% marketshare.
Windows 7 has something like 20% marketshare.
iPad has no malware attacking it.
Windows 7 has more than 100,000 pieces of malware attacking it.
Marketshare argument countered. Case closed.
Try comparing like to like.
"Windows 7 has more than 100,000 pieces of malware attacking it."
Really? That's Windows 7 specific malware which only targets Windows 7 and not all versions of Windows combined? Can you show me the data supporting these numbers?
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
For an Apple Fanboy you must be riding the short bus. You're trying to compare the iPad to Windows 7. ROFL! That's two different worlds. Tablet vs Operating System? ROFL!
RE: Apple zealots claim iPad has a huge marketshare
You claim: "iPad's marketshare is bigger than Windows 7's marketshare yet Windows 7 gets hit by FAR more malware than iPad does. Poof: there goes the marketshare argument!"
Talk about grasping at straws! Talk about denial! Talk about ignorance!
For the record, these OS X v10.6.7 security patches did NOT make it yet into iOS which still is vulnerable! Duh.
And Windows 7 has sold over 300 million copies versus 15 million for the iPad. Duh!
Finally Windows 7 is much more robust than OS X even after these 54 critical vulnerability patches.
Just as Pwn2Own demonstrated for 4 years in a row...
~~~~~~~~~~
I can stand brute force, but brute reason is quite unbearable. There is something unfair about its use. It is hitting below the intellect.
~ Oscar Wilde
It is impossible to make people understand their ignorance; for it requires knowledge to perceive it and therefore he that can perceive it hath it not.
~ Jeremy Taylor (1613 - 1667)
I had a feeling Micro$oft was involved
Now they're spreading their germs to Apple. lol...
RE: Apple patches Pwn2Own flaw in massive Mac OS X update
You said "didn't Mac OS X get a massive number of updates just days before the Pwn2Own"
I said: "Safari was updated"
My point was merely that a Mac and Windows app, Safari, was updated and not OS X (which is an OS)
LTV10. Thanks for emphasizing the Apple software flaw.....
"memory corruption issues existed in QuickLooks"
Yeah, boy, Apple has a firecracker team of devs. Wooo weee.
OS X is one giant scab holding on with band-aids 1000 layers deep.
LOL.