RealTime IT News

Apple Patches Zero-Day Flaw

Apple's Zero day flaw is no more.

Apple Security Update 2006-001 fixes the week old issue that US-CERT tagged with a Cyber Security Alert.

It also addresses 19 other issues in OS X, including improving security against worms which have just recently begun to slither through Apple's core.

The zero-day issue involved how OS X 10.4.5 handles ZIP archives in the Safari Web browser. Arbitrary commands could have potentially been executed automatically via Safari from a malicious site.

Though the issue remained open for over a week, there was simple workaround provided early on that involved disabling automatic file opening on downloads in Safari, or simply using another browser.

Apple's security update also revealed a number of other significant flaws in Safari that are now fixed with the patch.

CVE-ID: CVE-2006-0390/CVE-2005-4504 fixes a heap-based buffer overflow condition in WebKit that could have potentially allowed an attack to execute arbitrary code when a user visits a maliciously crafted Web page.

CVE-ID: CVE-2006-0387 also could have allowed arbitrary code execution from a maliciously crafted Web page, in this instance as the result of JavaScript that could trigger a stack buffer overflow.

The fix for CVE-ID: CVE-2006-0388 prevents cross-domain HTTP redirects, which could have allowed a Web site to redirect to local resources and enable a JavaScript to run on a user's local domain.

CVE-ID: CVE-2006-0389 could have allowed Safari's RSS syndication model to run JavaScript embedded in a feed, which could have allowed code to run outside of Safari's security constraints.

The update also provides additional protections against worms such as Leap.A, which have recently begun to target Apple Mac users via the iChat instant messaging application.

The update now includes something called "Download Validation," which is supposed to warn users of potentially unsafe file types during transfers.

Other issues addressed in the Apple security update include fixes for perl, rsync, mail, IPsec , apache_mod_php, automount, FileVault, Directory Services and Mail. The potential impacts range from denial of service to arbitrary code execution.