Apple plugs 28 Mac OS X security holes

Apple plugs 28 Mac OS X security holes

Summary: In some cases, a hacker could take complete control of an affected Mac OS X machine if a user is lured to a malicious Web site or views a rigged movie file.

SHARE:

Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.

The update, which includes fixes for the Adobe Flash Player plugin and several open-source components, is rated highly-critical because it exposes Mac OS X users to remote code execution attacks.

In some cases, a hacker could take complete control of an affected machine if a user is lured to a malicious Web site or views a rigged movie file.

[ Apple gives Mac users vulnerable Flash Player plugin ]

Here's the skinny on the most serious issues fixes in this Security Update 2010-004 / Mac OS X v10.6.4 bundle:follow Ryan Naraine on twitter

  • Flash Player plug-in: Multiple vulnerabilities exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2.
  • Help Viewer: A cross-site scripting issue exists in Help Viewer's handling of help: URLs. Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain. This may lead to information disclosure or arbitrary code execution. This issue is addressed through improved escaping of URL parameters in HTML content. This issue does not affect systems prior to Mac OS X 10.6.
  • ImageIO: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking.
  • ImageIO: A memory corruption exists in the handling of MPEG2 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG2 encoded movie files.
  • Kerberos: A double free issue exists in the renewal or validation of existing tickets in the KDC process. A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved ticket handling.
  • libcurl: A buffer overflow exists in libcurl's handling of gzip-compressed web content. When processing compressed content, libcurl may return an unexpectedly large amount of data to the calling application. This may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by ensuring that the size of data blocks returned to the calling application by libcurl adheres to documented limits.
  • Network Authorization: A format string issue exists in the handling of afp:, cifs:, and smb: URLs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of afp:, cifs:, and smb: URLs. This issue does not affect systems prior to Mac OS X v10.6.
  • Printing: An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. A local or remote user with access to the printer may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

As always, the sucurity update may be obtained from Software Update pane in System Preferences, or Apple's Software Downloads web site.

Topics: Servers, Apple, Hardware, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • Well done Apple!

    If Apple ever did a poor job with security, they're definitely much better now. Only 28 vulnerabilities were found in OS X this time, and one can clearly see that Apple found many of these internally. If you ever look at a Microsoft security advisory, you'll find they aren't finding anything themselves!
    Trolleur
    • RE: Apple plugs 28 Mac OS X security holes

      @Trolleur That's because MSFT has bigger fish to fry then stupid security.
      MSFTWorshipper
    • RE: Apple plugs 28 Mac OS X security holes

      @Trolleur
      If you think that Apple does well with security, you have fallen deep into the reality distortion field.
      illegaloperation
    • RE: Apple plugs 28 Mac OS X security holes

      @Trolleur

      Let me get this straight... the more security advisories the more secure the OS?!?!
      mikefarinha
    • RE: Apple plugs 28 Mac OS X security holes

      @Trolleur

      ''If Apple ever did a poor job with security, they're definitely much better now''

      YOU ARE AN ID 10 T
      MLHACK
    • RE: Apple plugs 28 Mac OS X security holes

      @Trolleur
      "Only 28 vulnerabilities were found in OS X this time"
      Let me rephrase that for you:
      Only 28 vulnerabilities were fixed in OS X this time.
      And no, I'm not win/linux fanboy.
      pool7
    • RE: Apple plugs 28 Mac OS X security holes

      here we are .. listen to android he will win the war ;) <a href="http://www.top10google.it">Posizionamento siti web</a>
      hotelsudtirol
  • My favorite line

    [i]In some cases, a hacker could take complete control of an affected machine if a user is lured to a malicious Web site or views a rigged movie file.[/i]

    Huh, and yet we get told time and time again from the Apple apologists that drive bys are [b]impossible[/b] on OS X. Huh. I guess they are [b]lying[/b].
    NonZealot
    • RE: Apple plugs 28 Mac OS X security holes

      @NonZealot Drive-by attacks are impossible against *Nix machines.
      MSFTWorshipper
      • RE: Apple plugs 28 Mac OS X security holes

        @MSFTWorshipper

        And isn't OS X a *Nix machine? And doesn't an attack caused by the mere opening of a file without permission escalation qualify as a drive by attack?
        Michael Kelly
    • Link please

      @NonZealot has to start supporting his claims
      Richard Flude
  • RE: Apple plugs 28 Mac OS X security holes

    Let's hope this fixes the huge bug in the new macbook pros. The problem seems to occur most often on the new i5/i7 machines.
    There's a 40page thread with over 450 replies on the mac support website from people complaining about the macbooks "freezing" for no reason at all. People say the problem could be the graphics switching from integrated to discrete. People have sent bug reports to apple with no reply. Let's hope this release fixes thr issue

    http://discussions.apple.com/thread.jspa?threadID=2420192
    blackhawk556
  • RE: Apple plugs 28 Mac OS X security holes

    28 security holes, OMG that's big thank god am using Windows 7 and don't have to waste my time downloading 100s of MB of updates everytime patches are released
    shellcodes_coder
  • RE: Apple plugs 28 Mac OS X security holes

    Oh i can not wait to see what the Stevey Jobs butt buddies have to say on this one. Stevey does not wrong Apple is god the ipad,ipod freaking I everthing i guess Apple does not employ any creative minds lets release a new product and drum roll please """"""" call it Iproduct. My what i bunch of stupid #sses
    MLHACK
  • Wow, amazed

    that they allow Flash to sully the OS in the 1st place.

    As for updates and the number of, seems like I get a lot whether it be Fedora, Windows, and apparently Apple . . .
    Unless it's an abacus, it'll need security updates, right? My abacus doesn't need security updates right, . . it's not wifi, nor usb2.o compatible.
    Boot_Agnostic
  • RE: Apple plugs 28 Mac OS X security holes

    I never ceased to be amazed at how articulate and erudite Windows users appear to be, at least on venues such as these.
    Dateline 2010: 30 million Mac users were shut down today as the ubiquitous 'bite me' virus hit them from simply being on the internet.
    Oh wait, that hasn't happened. Not because Macs have a smaller market share than Windows computers. That's still a juicy target, especially considering the 'reputation' for a lack of successful (go back now and re-read that last word) viruses and malware. Not because Macs are 'invulnerable'. They are computers, ALL computers are vulnerable to some extent or another. The only reason Macs have the reputation they do is by comparison to the constant barrage of Windows viruses and malware. How many tens of thousands of viruses and malware exist or has existed on the MS OS? Add em up.
    Would I rather be hit by a semi driving a Yugo or a Hummer? I'll take my Mac any day. But still keep a weather eye out for vulnerabilities.
    dheady
  • RE: Apple plugs 28 Mac OS X security holes

    I'm Not Trying To Pick A Fight Here. I Mean I Would Not Mind Having An Apple/Mac Or Linux/Unix Myself. I Just Find This Interesting. That Apple/Mac Is Known For Security But There Security Is Getting Hit Hard. Please Relize Any Operating System Can Be Exsploited.
    Synate.Deszeld
  • There is no such thing as perfect software

    There is no perfect software. Chances are, there never will be. Software patches are a way of life, get used to it. I use Windows, Fedora, and now OS X - all of them get regular patches. I'm just happy that I get free updates.

    When Windows XP support gets EOL'ed... people who cannot upgrade the OS on their machine are free to b*tch. The rest of us should just chill out and take the patches as they come. Be thankful you are on a currently supported OS.
    jbekas
  • RE: Apple plugs 28 Mac OS X security holes

    There is a difference between vulnerabilities and exploits. Sure, the Mac OS has vulnerabilities. How many have been exploited in the real world? Darn few. One of the worst was a flaw in a brand name security suite that erroneously identified some files as infected and hosed the users' data - not Apple's fault at all. More recently there was an attack included in some pirated Apple software; chalk that up to poetic justice. Are Macs impregnable? Of course not. But they are more secure than all but the most heavily armored Windows systems.
    thewhitedog
  • Hmm.. ONLY 28 vulnerabilities...?

    Last time around, Charlie Miller, fresh off his 2010 Pwn2Own win, was quoted as saying that he had over 150 vulnerabilities in his bag of tricks and that the last big patch took out about 25 of them. Gee... That left over 125 vulnerabilities in his bag of tricks. And I'm sure he hasn't been sitting on his duff since then.

    So even if all 28 of the ones patched in this round were on his list, that STILL leaves about 100 vulnerabilities unpatched...

    DOH...
    Wolfie2K3