Mac OS X dirty dozen: Apple plugs critical security holes

Apple's first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities.

The update, rated critical, plugs security holes that could lead to code execution if a Mac user is tricked into opening audio files or surfing to a rigged Web site.

With Security Update 2010-001, Apple also fixes flaws in the Adobe Flash Player plug-in that ships with the operating system.

Here's the skinny on the vulnerabilities:

  • CoreAudio (CVE-2010-0036) -- A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
  • CUPS (CVE-2009-3553) -- A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination.
  • Flash Player plug-in (7 vulnerabilities) -- Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42.
  • ImageIO (CVE-2009-2285) -- A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
  • Image RAW (CVE-2010-0037) -- A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution.
  • OpenSSL (CVE-2009-3555) -- A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available here. A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation.

The update is being distributed via Apple's Software Update mechanism.

Talkback

99 comments
  • 12 Serious OS X holes, and one IE bug gets top billing?

    Could zdnet make their agenda any more obvious?
    xuniL_z
    • Could it have something to do...

      ...with patching the holes BEFORE they're exploited?
      gfeier
      • Prove that none of these gaping holes have been exploited.

        You wouldn't have written your sentence if you didn't have proof to support your claim, right?
        NonZealot
        • Argumentum ad ignorantiam.

          Look it up, if you're able.
          msalzberg
          • Works both ways though.

            Equally applies to people that claim that these security flaws have not been exploited just because it's not been proven they have.
            jdbukis@...
          • The fact that there is no exploit code out for them..

            ..and they are already patched.. proves it beyond a reasonable doubt.

            If you want 100% proof, you'll have to solve the Munchhausen-Trilemma, because until then you can't even prove you exist.

            edit:
            Just to clarify, I meant to yourself. Even if you do solve it you still can't prove it to someone else absolutely, short of them being omniscient.
            AzuMao
        • Easy proof!

          If they had been, ZDNet would surely have reported it. Q.E.D. - but I like the previous answer better.
          gfeier
          • So ZDNet is aware of all hacks all over the world?

            Of course not, that would be a silly defense to a weak argument.

            In fact, only the unsuccessful hacks get detected. The rest, don't. :)

            So, you were the only one who made a claim that there weren't any exploits using these gaping vulnerabilities. Please back it up or take it back. Thanks!
            NonZealot
          • On a scale from 1 to 10 ROTFLMAO

            I give you an absolute 10 for the big laughs. You are all over the place.
            You are hilarious. Get over yourself & move on.
            Intellihence
          • That's weird..

            ..because I could have sworn the attack on IE that
            xuniL_z referred to was successful.
            AzuMao
          • As much as I usually completely disagree with things NZ posts

            - and I usually do disagree with him - this time I feel he has a point. There is NOTHING in this article that claims that these vulnerabilities have not been exploited - or no claims that they have other than from the testing that revealed these vulnerabilities. So far all he's gotten is insults... I'd like to see some proof either for or against his argument so this can be laid to rest. Have these vulnerabilities been exploited yes or no and is there a linkable source to verify either way?
            athynz
          • But he's the one who made the claim in the first place

            "There is NOTHING in this article that claims that these vulnerabilities have not been exploited"

            So it's up to him to tell us what they are.

            "- or no claims that they have other than from the testing that revealed these vulnerabilities."

            Well, has there been any proof, otherwise? Has anyone in any of the Mac forums encountered these vulnerabilities in the wild?

            Tell us.

            "So far all he's gotten is insults..."

            Well that's par for the course. For someone claiming to be a "NonZealot" he sure doesn't act like one.

            "I'd like to see some proof either for or against his argument so this can be laid to rest."

            Why don't you ask Apple? Or go to one of their forums and report back to us.

            "Have these vulnerabilities been exploited yes or no and is there a linkable source to verify either way?"

            Well the same claims have been made against Linux too. Only now "bugs" are called "security vulnerabilities" by the M$ rabid fan club. Makes them feel better with their inferiority complex.
            Wintel BSOD
          • You didn't look up "argumentum ad ignorantiam" did you?

            otherwise you wouldn't go on repeating it.

            (Teenagers obviously have too much time on their hands).
            macgroover
        • Prove to what level?

          If you mean absolute, you can't even prove that he
          wrote that sentence.

          If you just mean beyond reasonable doubt..
          they were fixed before any exploit code came out,
          unlike the IE vulnerability.
          AzuMao
        • 100 undisclosed windows vulnerabilities being exploited

          Prove that they aren't!

          A ridiculous proposition:-)
          Richard Flude
        • Just google...

          plenty of information at

          http://packetstormsecurity.org/

          http://www.metasploit.com/

          http://www.securityfocus.com/
          samwise51@...
        • Prove that there isn't a teapot on Pluto

          Requiring proof for a negative assertion is a well-known fallacy.

          (but requiring you to prove that these holes are 'gaping' is not.)
          macgroover
      • That or..

        ..the fact that Flash, Java, etc, are not OS X.


        Or maybe both.
        AzuMao
    • 12 bugs in Flash/Java fixed before they are exploited and a Serious hole in

      IE that gets dozens of big companies hacked before
      it is patched gets top billing.. yep.
      AzuMao
    • Are you suggesting that there is bias here?

      Silly little fanboy...
      webmaster@...