Wednesday, May 28

Apple also released Security Update 2008-003

  • AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich
  • Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.
  • AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

  • Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.
  • ATS
Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College
  • CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts
  • CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.
  • CoreGraphics
Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers
  • CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook
  • CUPS
Issue: Information disclosure
Solution: Validation of environment variables
  • Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0
  • Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting
  • iCal

Issue: Vulnerability to unexpected application termination or
arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies
  • International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."
  • Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files
  • ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.
  • Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures
  • LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition
  • Mail

Issue: IPv6 vulnerability leading to unexpected application
termination, information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University
  • ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4
  • Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute
  • Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

No comments: