Apple plugs 25 Mac OS X security vulnerabilities

Apple plugs 25 Mac OS X security vulnerabilities

Summary: Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks.With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit.

SHARE:

Mac OS X update plugs security holesApple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks.

With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit.

It also incorporates fixes for six highly critical -- and previously disclosed -- vulnerabilities in Ruby, the popular open-source scripting language.  The update also sees a major Tomcat patch that addresses nine  vulnerabilities, the most serious of which may lead to a cross-site scripting attack.

Here's the skinny from Apple's security bulletin:

Alias Manager (CVE-2008-2308):  A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution.  This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.

CoreTypes (CVE-2008-2309):  This update adds .xht and .xhtm files to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload.

c++filt (CVE-2008-2310): A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution.  This issue does not affect systems prior to Mac OS X 10.5.

Dock (CVE-2008-2314): When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password.  This issue does not affect systems prior to Mac OS X 10.5.

Launch Services (CVE-2008-2311): A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the "Open 'safe' files" preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user's system, resulting in arbitrary code execution. This issue does not affect systems running Mac OS X 10.5 or later.

Net-SNMP (CVE-2008-0960): An issue exists in Net-SNMP's SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check.  Additional information is available from US-CERT.

Ruby: Multiple memory corruption issues exist in Ruby's handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays.  Also,  if WEBRick is running, a remote attacker may be able to access files protected by WEBrick's :NondisclosureName option

[ SEE: Apple security team finds code execution holes in Ruby ]

SMB File Server (CVE-2008-1105): A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to a SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution.

System Configuration (CVE-2008-2313): A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user.  This issue does not affect systems running Mac OS X 10.5 or later.

Tomcat:  Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site.

VPN (CVE-2007-6276): A divide by zero issue exists in the virtual private network daemon's handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution.

WebKit (CVE-2008-2307):  A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.  Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2.

Topics: Operating Systems, Apple, Hardware, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

36 comments
Log in or register to join the discussion
  • Another 25?

    Wow, how come people are finding so many holes in OS X? Has anything changed? There never used to be so many security vulnerabilities in OS X or could it simply be that they've [b]always[/b] been there and they've simply never been reported before?

    Either way, it sure puts that whole "OS X is safer" thing into perspective for me. I don't mind paying more for a superior product (which is why I bought the Archos and not the iPod and will buy the HTC Touch Diamond and not the iPhone) but there is no rational reason to pay more for something with so many bugs in it!
    NonZealot
    • Ah NonZealot...

      you sure do know how to get an OS battle going :).

      -Nate
      nmcfeters
      • The battles don't seem to crop up much anymore.

        At least not wrt to security. I get the impression Mac zealots are finally realizing the emperor has no clothes and the Mac is no more secure than Windows. Thus they (finally) realized the futility of their position.
        ye
        • Yeah...

          same for the Windows zealots.
          jasonp@...
          • What argument(s) would you be referring to? (nt)

            .
            ye
          • The same tired arguments...

            that the NBMers use, no different than those of the ABMers except for the name drops. Let's look at some examples...

            NBMer - Microsoft makes the most secure software, much better than X.

            ABMer - X makes themost secure software, much better than Microsoft.

            NBMer - Closed source programs like those from Microsoft are clearly better than anything from the open source world.

            ABMer - Open source programs like those from X are clearly better than anything from the closed source world.

            NBMer - X sucks. Microsoft rules.

            ABMer - Microsoft sucks. X rules.

            They use the same arguments, just switching around the names. I see it every single day on these forums. If you don't, you either fall into the NBMer or ABMer category yourself or you just don't pay attention. It's like the constant prattle of babies in the workplace...an interesting diversion from time to time, but at the end of the day nothing more than a some noise and no substance.
            jasonp@...
          • It's one of degree.

            While there are examples of both I would say the number of ABMers outweigh (or are at least more vocal) the number of NBMers. Especially wrt to security. It used to be no matter how trivial, insignificant, what-have-you the security issue with Windows the ABMers would attack Windows as insecure. Today such attacks are significantly lower. As evidenced by this talkback they can't even be goaded into such an discussion
            ye
        • In theory OS X is more secure

          "I get the impression Mac zealots are finally realizing the emperor has no clothes and the Mac is no more secure than Windows."

          In theory, OS X is more secure than Windows. The problem is that Apple drags its feet in sending security fixes sometimes.
          Ed Lin
          • Here we go again with the vague statements of better security...

            ...in OS X. Will you be the first to actually detail what, in theory, makes OS X more secure?
            ye
          • Nah...

            Why don't you come out of your shill and expound at length why OS X isn't more secure than Windows, or why Windows is the same in terms of security as OS X, or if you can why OS X is more secure than Windows?
            zkiwi
          • Um, why would he?

            Why would he attempt to prove or disprove someone else's claims? That's not how it works. You make a claim, you back it up. Claiming that you have yet to see evidence to someone else's claims is not supportable, only contradictable.


            In all reality, your comment lent nothing to the conversation except an air of smartass. Why did you even bother? Is there a reason you chose to attempt to get fights started? Are you [i]that[/i] uncivilized that a simple conversation and a requestion for more information is taken as a snide remark that must be retaliated against? Even if it was a snide remark, is there a reason you must act like a child and come back at it?


            Grow up.
            laura.b
          • Well...

            Seeing as there's never a straight answer (or for that matter question) from ye on anything, it does get old. Yet he expects other people to detail their position to the nth degree and in doing so twists and turns and spins around and around. Honestly, he makes a politician seem straightforward.
            zkiwi
          • Just some facts

            Let's see, OS X doesn't as a default set the first user account as administrator (root in OS X) as Windows does. A password is required for running system priviledged items, or executing items that affect the entire system. There is very little malware that affects OS X. I don't even use OS X and I know that, there are some facts for ya!! Feel better?
            sleppy37
          • re: Just some facts

            [i]Let's see, OS X doesn't as a default set the first user account as administrator (root in OS X) as Windows [b]XP and earlier[/b] does.[/i]

            Just added a little clarification for ya.

            [i]A password is required for running system priviledged items, or executing items that affect the entire system.[/i]

            True, though Vista does prompt you for permission before installing anything. Not too much different IMO.

            [i]There is very little malware that affects OS X. [/i]

            and that is where the real difference between OS X and Windows lies in terms of security. Though if OS X continues to gain market share, that may change.
            Badgered
          • @ Badgered

            "There is very little malware that affects OS X.

            and that is where the real difference between OS X and Windows lies in terms of security. Though if OS X continues to gain market share, that may change."

            Not sure I agree with this comment yes there are less known exploits for OSX but this in itself does not mean that the OS is more secure just that the people that write this stuff dont see a point in attacking such a small market share. Just because no one has broken into my house does not necessarly mean it is more secure than my neighbors who have been broken into just less attractive.
            willpd13
          • @ willpd13

            [i]Not sure I agree with this comment yes there are less known exploits for OSX but this in itself does not mean that the OS is more secure just that the people that write this stuff dont see a point in attacking such a small market share. Just because no one has broken into my house does not necessarly mean it is more secure than my neighbors who have been broken into just less attractive.[/i]

            What I typed was that it was the difference in security between the OSes. Not that OS X is more secure. My thought is that you are safer using OS X (for now) because of the lack of malware in the wild.

            In other words, if two houses have pretty much the same locks... the house in the middle of a corn field next to nowhere is less likely to be broken into than the one in the suburbs.
            Badgered
          • @ Badgered

            Cant argue with that logic :)
            willpd13
    • Lost their BSD roots.

      They have taken BSD, and obviously ignored/bypassed and ruined the secure base, probably for usability and maybe in some cases because their developers are not that talented (every company has some that aren't very good). Mix that up, and you are apparently seeing the results.

      The core (BSD) OpenBSD, FreeBSD, are still incredibly secure, so obviously Apple has caused the problem.

      Looking at the list, maybe the system configuration one is common to regular BSD (I don't know, best guess).

      TripleII
      TripleII-21189418044173169409978279405827
      • OpenBSD !=BSD

        There is nothing inherent in BSD that makes it secure. The OpenBSD projects claim to security fame is due to two things:

        1. Thorough auditing of the code to minimize bugs.
        2. Shipping it with a default configuration that is secure but less useable.
        ye
        • Absolutely, that's my point.

          They lost their BSD roots.
          [B]and ruined the secure base, probably for usability [/B]

          They may want to look at the processes they are using to enhance usability.

          TripleII
          TripleII-21189418044173169409978279405827