Category Archives: Apple Updates

Apple Software Updates

APPLE iOS 4.0.2 Update for iPhone and iPod touch & 3.2.2 Update for iPad

Filed under Apple Updates, Exploits, iPad, iPhone, iTouch

Apple has released an update to fix comex’s recent .pdf exploit used by jailbreakme.com to jailbreak iDevices.

You must use iTunes to update your device. This update is not available through Apple Software Update.

For more information on the security update, see the Apple Security Updates web site: http://support.apple.com/kb/HT1222

APPLE-SA-2009-11-09-1 Security Update 2009-006 – Mac OS X v10.6.2 & 10.5.8

Filed under Apple Updates, Hardening, News, Vulnerabilities

Along with this Snow Leopard update to 10.6.2, Apple also released a security update for OS X 10.5.8 client and server. The update includes numerous security fixes and some feature enhancements. Apple also pulled support for the Intel Atom processor, which breaks Hackintosh netbooks.

The update is available via Software Update and Apple’s support downloads site.

Apple Issues Java for Mac OS X 10.5 Update 5 – Patching several vulnerabilities

Filed under Apple Updates, News, Vulnerabilities

Apple issued a Java update Thursday patching several known vulnerabilities.

The 161.35MB update is only applicable to Mac OS X Leopard version 10.5.8 or later (not Snow Leopard). Java SE 6 is updated to version 1.6.0_15, J2SE 5.0 is updated to version 1.5.0_20, and J2SE 1.4.2 is updated to version 1.4.2_22. While J2SE 5.0 and J2SE 1.4.2 support all Intel and PowerPC-based Macs, Java SE 6 requires a 64-bit Intel-based Mac.

Apple ships vulnerable Flash with Snow Leopard

Filed under Apple Updates, News, Vulnerabilities

For those of you who have recently updated to OS X 10.6 Snow Leopard, it is time to upgrade Flash Player. Apple downgraded your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities. The version you should be running is the latest version of Flash Player for Mac – 10.0.32.18.

To check your version, use the test for Adobe Flash Player.

Update your Flash version at Adobe.

New Snow Leopard got Anti-Virus?

Filed under Apple Updates, News

No, not really, but it does check for a couple of the more common trojans. The last developer seed of Snow Leopard (10a421A), which is what we expect Apple to release on Friday, contains a file, XProtect.plist, that checks for possible trojans.

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

It contains five signatures for the two most active trojans: OSX.RSPlug, which changes DNS settings, and OSX.Iservice, the one bundled with the pirated versions of iWork.

Security Update 2009-004 – Bind Vulnerability Fix

Filed under Apple Updates, News

Apple issued a fix for the recent BIND vulnerability. Good to see Apple releasing fixes fairly fast for known vulnerabilities.

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate

Description: A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type ‘ANY’ where an assertion would previously have been raised.

APPLE-SA-2009-08-11-1 Safari 4.0.3 Update

Filed under Apple Updates, News

Safari 4.0.3 is now available and addresses the following:

CoreGraphics
CVE-ID: CVE-2009-2468
Available for: Windows XP and Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the drawing of long
text strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. Credit
to Will Drewry of Google Inc for reporting this issue.

ImageIO
CVE-ID: CVE-2009-2188
Available for: Windows XP and Vista
Impact: Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of EXIF
metadata. Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking.

Safari
CVE-ID: CVE-2009-2196
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8,
Mac OS X Server v10.5.8, Windows XP and Vista
Impact: A maliciously crafted website may be promoted into Safari’s
Top Sites view
Description: Safari 4 introduced the Top Sites feature to provide an
at-a-glance view of a user’s favorite websites. It is possible for a
malicious website to promote arbitrary sites into the Top Sites view
through automated actions. This could be used to facilitate a
phishing attack.
This issue is addressed by preventing automated website visits
from affecting the Top Sites list. Only websites that the
user visits manually can be included in the Top Sites list. As a
note, Safari enables fraudulent site detection by default. Since the
introduction of the Top Sites feature, fraudulent sites are not
displayed in the Top Sites view. Credit to Inferno of
SecureThoughts.com for reporting this issue.

WebKit
CVE-ID: CVE-2009-2195
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8,
Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in WebKit’s parsing of
floating point numbers. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit: Apple.

WebKit
CVE-ID: CVE-2009-2200
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8,
Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Visiting a maliciously crafted website and clicking “Go”
when viewing a malicious plug-in dialog may lead to the disclosure of
sensitive information
Description: WebKit allows the pluginspage attribute of the ‘embed’
element to reference file URLs. Clicking “Go” in the dialog that
appears when an unknown plug-in type is referenced will redirect to
the URL listed in the pluginspage attribute. This may allow a remote
attacker to launch file URLs in Safari, and lead to the disclosure of
sensitive information. This update addresses the issue by restricting
the pluginspage URL scheme to http or https. Credit to Alexios Fakos
of n.runs AG for reporting this issue.

WebKit
CVE-ID: CVE-2009-2199
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8,
Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could be used to create a URL which contains
look-alike characters. These could be used in a malicious website to
direct the user to a spoofed site that visually appears to be a
legitimate domain. This update addresses the issue by supplementing
WebKit’s list of known look-alike characters. Look-alike characters
are rendered in Punycode in the address bar. Credit to Chris Weber of
Casaba Security, LLC for reporting this issue.

Safari 4.0.3 is available via the Apple Software Update application, or Apple’s Safari download site at:
http://www.apple.com/safari/download/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
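
The CVE-2009-2199 fix above (labels containing a known look-alike character are shown as Punycode) can be sketched as follows. This is an added example, not WebKit's code: the `LOOKALIKES` set is a small constructed sample rather than WebKit's list, and the function names are hypothetical.

```python
# Constructed sample of look-alike characters (Cyrillic letters that resemble
# Latin ones). This is NOT WebKit's list, which the page does not reproduce.
LOOKALIKES = {
    "\u0430",  # CYRILLIC SMALL LETTER A, resembles "a"
    "\u0435",  # CYRILLIC SMALL LETTER IE, resembles "e"
    "\u043e",  # CYRILLIC SMALL LETTER O, resembles "o"
    "\u0440",  # CYRILLIC SMALL LETTER ER, resembles "p"
    "\u0441",  # CYRILLIC SMALL LETTER ES, resembles "c"
}

ACE_PREFIX = "xn--"  # marks a Punycode-encoded label


def to_unicode(label: str) -> str:
    """Decode an xn-- label to Unicode; leave malformed labels untouched."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label


def to_ascii(label: str) -> str:
    """Encode a label as Punycode unless it is already pure ASCII."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def display_label(label: str) -> str:
    """Form shown in the address bar: Punycode when the label contains a
    listed look-alike, readable Unicode otherwise."""
    text = to_unicode(label.lower())
    if any(ch in LOOKALIKES for ch in text):
        return to_ascii(text)
    return text


def display_host(host: str) -> str:
    """Apply the display policy to every label of a host name."""
    return ".".join(display_label(part) for part in host.split("."))


if __name__ == "__main__":
    # Constructed inputs: a mixed Cyrillic/Latin label, a benign IDN, plain ASCII.
    for host in ("\u0430pple.com", "xn--mnchen-3ya.de", "example.com"):
        print(repr(host), "->", display_host(host))
```
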

CrashWrangler – Apple’s !exploitable

Filed under Apple Updates, Exploits, News, Vulnerabilities

Apple recently released the new CrashWrangler tools, which are available to anyone with a free ADC account at:
https://connect.apple.com/cgi-bin/WebObjects/MemberSite.woa/wa/getSoftware?bundleID=20390

CrashWrangler is a set of developer tools that help in creating and debugging secure Mac OS X applications. The tools work by inspecting the application’s state at the time of the crash, as well as the application crash logs. Using these tools on a reproducible test case can determine if a crash could lead to a potentially exploitable security issue, while providing valuable data to fix these issues. Additionally, any crash log can be inspected to determine if it is a duplicate of a known crash. The CrashWrangler tools support Mac OS X 10.5 or later.

It should be understood that CrashWrangler uses advanced heuristics, but that false positives and false negatives are possible. It’s intended for quick assessment. As always, a detailed manual inspection is the only way to be sure something is or isn’t exploitable.

The basic algorithm for determining exploitability looks like this.

Exploitable if:
* Crash on write instruction
* Crash executing invalid address
* Crash calling an invalid address
* Crash accessing an uninitialized or freed pointer as indicated by using the MallocScribble environment variable
* Illegal instruction exception
* Abort due to -fstack-protector, _FORTIFY_SOURCE, heap corruption detected
* Stack trace of crashing thread contains certain functions such as malloc, free, szone_error, objc_msgSend, etc.

Not exploitable if:
* Divide by zero exception
* Stack grows too large due to recursion
* Null dereference
* Other abort
* Crash on read instruction

If a crash is determined to be non-exploitable, it’s recommended to run the test case again with libgmalloc(3) enabled and with MALLOC_ALLOW_READS and MALLOC_FILL_SPACE set, and see if the crash changes to one that is considered to be exploitable.
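
The rule list above can be written as a small triage function. This is an added sketch, not CrashWrangler's code: the `Crash` record, the abort labels and the order in which rules are tested are assumptions (the page gives no precedence), and the sample crashes are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Function names the page lists as suspicious in the crashing thread.
SUSPECT_FRAMES = {"malloc", "free", "szone_error", "objc_msgsend"}
# Aborts raised by the hardening checks the page names (labels are hypothetical).
HARDENING_ABORTS = {"stack_protector", "fortify_source", "heap_corruption"}
NULL_PAGE = 0x1000  # assumption: a fault in the first 4 KiB is a null dereference


@dataclass
class Crash:
    exception: str                      # Mach exception name, e.g. EXC_BAD_ACCESS
    access: Optional[str] = None        # "read", "write", "exec" or "call"
    address: Optional[int] = None       # faulting address
    abort_reason: Optional[str] = None  # set for EXC_CRASH (abort)
    recursion: bool = False             # stack exhausted by recursion
    frames: Tuple[str, ...] = ()        # crashing thread, innermost first


def scribbled(address: Optional[int]) -> bool:
    """True when the address is a malloc scribble fill: 0x55 repeated marks
    freed memory, 0xAA repeated marks uninitialized memory."""
    if not address:
        return False
    raw = address.to_bytes(8, "little").rstrip(b"\x00")
    return len(raw) >= 4 and set(raw) in ({0x55}, {0xAA})


def suspect_frame(crash: Crash) -> bool:
    return any(name.lower() in SUSPECT_FRAMES for name in crash.frames)


def classify(crash: Crash) -> Tuple[bool, str]:
    """Return (exploitable, matched rule). Rule order is an assumption."""
    if crash.exception == "EXC_ARITHMETIC":
        return False, "divide by zero"
    if crash.exception == "EXC_BAD_INSTRUCTION":
        return True, "illegal instruction"
    if crash.exception == "EXC_CRASH":
        if crash.abort_reason in HARDENING_ABORTS:
            return True, "abort: " + crash.abort_reason
        if suspect_frame(crash):
            return True, "suspect function in stack trace"
        return False, "other abort"
    # Remaining case: EXC_BAD_ACCESS
    if crash.recursion:
        return False, "recursion"
    if scribbled(crash.address):
        return True, "uninitialized or freed pointer"
    if crash.address is not None and crash.address < NULL_PAGE:
        return False, "null dereference"
    if suspect_frame(crash):
        return True, "suspect function in stack trace"
    if crash.access in ("write", "exec", "call"):
        return True, "crash on " + crash.access
    return False, "crash on read"


# Constructed crash records, not output from CrashWrangler.
SAMPLES = {
    "wild write": Crash("EXC_BAD_ACCESS", "write", 0x41414140),
    "use after free": Crash("EXC_BAD_ACCESS", "read", 0x55555555),
    "null read": Crash("EXC_BAD_ACCESS", "read", 0x8),
    "plain read": Crash("EXC_BAD_ACCESS", "read", 0x7FFF0000),
    "canary abort": Crash("EXC_CRASH", abort_reason="stack_protector"),
    "heap abort": Crash("EXC_CRASH", abort_reason="assert",
                        frames=("abort", "szone_error", "free")),
}

if __name__ == "__main__":
    for name, crash in SAMPLES.items():
        print(name, classify(crash))
```

A "crash on read" or "null dereference" verdict from this sketch is the case the paragraph above says to re-run under libgmalloc.
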

CrashWrangler does not send any data about your crash to Apple or anyone else. Note that it does forward the information about the crash to CrashReporter, which is part of the OS, and as always it will send info to Apple if and only if you click the “Send to Apple” button in the Crash Reporter dialog.

APPLE-SA-2009-08-05-1 Security Update 2009-003 / Mac OS X v10.5.8

Filed under Apple Updates, News

Security Update 2009-003 / Mac OS X v10.5.8 is now available and addresses the following:

bzip2
CVE-ID: CVE-2008-1372
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Decompressing maliciously crafted data may lead to an
unexpected application termination
Description: An out-of-bounds memory access exists in bzip2. Opening
a maliciously crafted compressed file may lead to an unexpected
application termination. This update addresses the issue by updating
bzip2 to version 1.0.5. Further information is available via the
bzip2 web site at http://bzip.org/

CFNetwork
CVE-ID: CVE-2009-1723
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: A maliciously crafted website may control the displayed
website URL in a certificate warning
Description: When Safari reaches a website via a 302 redirection and
a certificate warning is displayed, the warning will contain the
original website URL instead of the current website URL. This may
allow a maliciously crafted website that is reached via an open
redirector on a user-trusted website to control the displayed website
URL in a certificate warning. This issue was addressed by returning
the correct URL in the underlying CFNetwork layer. This issue does
not affect systems prior to Mac OS X v10.5. Credit to Kevin Day of
Your.Org, and Jason Mueller of Indiana University for reporting this
issue.

ColorSync
CVE-ID: CVE-2009-1726
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: A heap buffer overflow exists in the handling of images
with an embedded ColorSync profile. Opening a maliciously crafted
image with an embedded ColorSync profile may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of ColorSync
profiles. Credit to Chris Evans of the Google Security Team for
reporting this issue.

CoreTypes
CVE-ID: CVE-2009-1727
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Users are not warned before opening certain potentially
unsafe content types
Description: This update extends the system’s list of content types
that will be flagged as potentially unsafe under certain
circumstances, such as when they are downloaded from a web page.
While these content types are not automatically launched, if manually
opened they could lead to the execution of a malicious JavaScript
payload. This update improves the system’s ability to notify users
before handling content types used by Safari. Credit to Brian
Mastenbrook, and Clint Ruoho of Laconic Security for reporting this
issue.

Dock
CVE-ID: CVE-2009-0151
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: A person with physical access to a locked system may use
four-finger Multi-Touch gestures
Description: The screen saver does not block four-finger Multi-Touch
gestures, which may allow a person with physical access to a locked
system to manage applications or use Expose. This update addresses
the issue by properly blocking Multi-Touch gestures when the screen
saver is running. This issue only affects systems with a Multi-Touch
trackpad.

Image RAW
CVE-ID: CVE-2009-1728
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted Canon RAW image may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in the handling of Canon
RAW images. Viewing a maliciously crafted Canon RAW image may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking. For
Mac OS X v10.4 systems, this issue is already addressed with Digital
Camera RAW Compatibility Update 2.6. Credit to Chris Ries of Carnegie
Mellon University Computing Services for reporting this issue.

ImageIO
CVE-ID: CVE-2009-1722
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted OpenEXR image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in ImageIO’s handling of
OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by updating OpenEXR to version 1.6.1.
Credit to Lurene Grenier of Sourcefire VRT, and Chris Ries of
Carnegie Mellon University Computing Services for reporting this
issue.

ImageIO
CVE-ID: CVE-2009-1721
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted OpenEXR image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
ImageIO’s handling of OpenEXR images. Viewing a maliciously crafted
OpenEXR image may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
proper memory initialization and additional validation of OpenEXR
images. Credit: Apple.

ImageIO
CVE-ID: CVE-2009-1720
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted OpenEXR image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple integer overflows exist in ImageIO’s handling
of OpenEXR images. Viewing a maliciously crafted OpenEXR image may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issues through improved bounds
checking. Credit: Apple.

ImageIO
CVE-ID: CVE-2009-2188
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in ImageIO’s handling of EXIF
metadata. Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. This
issue does not affect systems prior to Mac OS X v10.5.

ImageIO
CVE-ID: CVE-2009-0040
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: Processing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized pointer issue exists in the handling
of PNG images. Processing a maliciously crafted PNG image may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of PNG images. Credit to Tavis Ormandy of the Google Security Team
for reporting this issue.

Kernel
CVE-ID: CVE-2009-1235
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: A local user may obtain system privileges
Description: An implementation issue exists in the kernel’s handling
of fcntl system calls. A local user may overwrite kernel memory and
execute arbitrary code with system privileges. This update addresses
the issue through improved handling of fcntl system calls. Credit to
Razvan Musaloiu-E. of Johns Hopkins University, HiNRG for reporting
this issue.

launchd
CVE-ID: CVE-2009-2190
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Opening many connections to an inetd-based launchd service
may lead to a denial of service
Description: Opening many connections to an inetd-based launchd
service may cause launchd to stop servicing incoming connections to
that service until the next system restart. This update addresses the
issue through improved error handling.

Login Window
CVE-ID: CVE-2009-2191
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7
Impact: A format string issue in Login Window may lead to an
unexpected application termination or arbitrary code execution
Description: A format string issue in Login Window’s handling of
application names may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
improved handling of application names. Credit to Alfredo Pesoli of
0xcafebabe.it for reporting this issue.

MobileMe
CVE-ID: CVE-2009-2192
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Signing out of MobileMe does not remove all credentials
Description: A logic issue exists in the MobileMe preference pane.
Signing out of the preference pane does not delete all credentials. A
person with access to the local user account may continue to access
any other system associated with the MobileMe account which had
previously been signed in for that local account. This update
addresses the issue by deleting all the credentials on sign out.

Networking
CVE-ID: CVE-2009-2193
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Receiving a maliciously crafted AppleTalk response packet
may lead to arbitrary code execution with system privileges or an
unexpected system shutdown
Description: A buffer overflow exists in the kernel’s handling of
AppleTalk response packets. Receiving a maliciously crafted AppleTalk
response packet may lead to arbitrary code execution with system
privileges or an unexpected system shutdown. This update addresses
the issue through improved validation of AppleTalk response packets.
Credit to Ilja van Sprundel from IOActive for reporting this issue.

Networking
CVE-ID: CVE-2009-2194
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: A local user may cause an unexpected system shutdown
Description: A synchronization issue exists in the handling of file
descriptor sharing over local sockets. By sending messages containing
file descriptors to a socket with no receiver, a local user may cause
an unexpected system shutdown. This update addresses the issue
through improved handling of file descriptor sharing. Credit to
Bennet Yee of Google Inc. for reporting this issue.

XQuery
CVE-ID: CVE-2008-0674
Available for: Mac OS X v10.5 through v10.5.7,
Mac OS X Server v10.5 through v10.5.7
Impact: Processing maliciously crafted XML content may lead to
arbitrary code execution
Description: A buffer overflow exists in the handling of character
classes in regular expressions in the Perl Compatible Regular
Expressions (PCRE) library used by XQuery. This may allow a remote
attacker to execute arbitrary code via a regular expression
containing a character class with a large number of characters with
Unicode code points greater than 255. This update addresses the issue
by updating PCRE to version 7.6.

Security Update 2009-003 / Mac OS X v10.5.8 may be obtained from
the Software Update pane in System Preferences, or Apple’s Software
Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

Safari 4.0.2 Security Update

Filed under Apple Updates, Hardening

Apple updated Safari to 4.0.2, fixing two critical vulnerabilities.

About the security content of Safari 4.0.2 – http://support.apple.com/kb/HT3666

* CVE-2009-1724: An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
* CVE-2009-1725: A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.

APPLE-SA-2009-06-17-1 iPhone OS 3.0 Software Update

Filed under Apple Updates, News

Multiple bugs are fixed in the new iPhone OS 3.0 software. See: About the security content of iPhone OS 3.0 Software Update

Apple security updates

Apple finally releases Java fix

Filed under Apple Updates, News

Six months after the vulnerability report, and after exploit PoCs were widely released, Apple today released Java updates for 10.4 and 10.5.

http://support.apple.com/downloads/

http://support.apple.com/kb/HT3632