OS X Takes Hit

Apple users have one less reason to feel smug about security in comparison to their Windows peers today.

Over 40 different vulnerabilities, ranging in severity from local privilege escalation to highly critical flaws that could allow a hacker to execute arbitrary code and gain full system control, were revealed as part of Apple’s monthly security update.

The cavalcade of flaws involves a who’s who of software applications and OS X components including AppKit, Safari, MySQL, OpenSSL, zlib, Apache, Mail and Bluetooth among others.

The flaws detailed in Apple’s security update 2005-007 affect OS X versions 10.3.9 and 10.4.2.

Among the highly critical flaws that could potentially allow a malicious remote attacker to execute arbitrary code and gain control over the Mac are vulnerabilities in AppKit.

AppKit is a library that allows users to write graphical applications for OS X. CAN-2005-2501 is a buffer overflow in how AppKit handles “maliciously crafted rich text files,” such that opening one such file could allow for arbitrary code execution. CAN-2005-2502 is a related flaw in AppKit that could allow a Microsoft Word .doc file to create an overflow condition and execute arbitrary code.

Apple’s homegrown Web browser Safari is also at risk from CAN-2005-2516, a flaw in how Safari processes rich text files. It allows a maliciously crafted file to potentially execute arbitrary code with the same privileges as the logged-in user.

CAN-2005-2518 deals with a buffer overflow vulnerability in OS X Server’s modified version of Apache, called servermgrd. According to Apple’s security update, “A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker.”

Apple Directory Services are at risk from a trio of flaws, the most serious of which is a buffer overflow that could allow for remote code execution. CAN-2005-2507 describes a flaw in the handling of authentication that could lead to the buffer overflow.

Kerberos is also at risk. According to the bulletin, a heap buffer overflow in the password history handling code could be exploited to execute arbitrary code on a Key Distribution Center.

The August patch update is the largest block of updates this year from Apple. The last patch, updated in June, contained patches for at least 15 vulnerabilities. The May update fixed 20 vulnerabilities.
