Apple released OS X Lion v10.7.2 yesterday along with an absolutely enormous security update that patches some 80 bugs in the various iterations of Apple’s operating system. One of the patches fixes a highly critical vulnerability that enables an attacker to run code on a remote machine with a simple exploit.
The vulnerability, CVE-2011-3230, which was discovered by researcher Aaron Sigel, lies in the way that Safari handles certain URLs.
“This allows you to send any “file:” url to LaunchServices, which will run binaries, launch applications, or open content in the default application, all from a web page. The only caveat is that since LaunchServices will check for the quarantine bit, you cannot directly push a binary to the browser and launch it,” Sigel said in his advisory.
The other bugs fixed in the OS X update could lead to denials of service, escalation of privileges, and arbitrary code execution, to name a few. In addition, the patch fixes various password authentication problems ranging from password interception to log-ins occurring without passwords.
The update resolves one or more vulnerabilities in all of the following programs: Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork, CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, iChat Server, Kernel, libsecurity, Mailman, MediaKit, Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat, User Documentation, Web Server, and X11.
Among the most noteworthy fixes are multiple DoS vulnerabilities in BIND, the resolution of a cookie storage and configuration bug in Safari, the addition of a number of trusted certificates to Apple’s list of system roots, a number of Open Directory password issues that could allow users to log in without passwords or easily change or read others’ passwords, and a bug in the file systems that could allow an attacker in a privileged network position to manipulate HTTPS server certificates, leading to the disclosure of sensitive data.
Again, this is an enormous patch, so please read ‘About the security content of OS X Lion v10.7.2 and Security Update 2011-006’ for all the specific details. You can also download the update there.