Apple Patches Critical Mac OS X Security Flaws

Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.

The update, which includes fixes for the Adobe Flash Player plugin and several open-source components, is rated highly-critical because it exposes Mac OS X users to remote code execution attacks.

In some cases, a hacker could take complete control of an affected machine if a user is lured to a malicious Web site or views a rigged movie file.

Here’s the skinny on the most serious issues fixed in this Security Update 2010-004 / Mac OS X v10.6.4 bundle:

  • Flash Player plug-in: Multiple vulnerabilities exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2.
  • Help Viewer: A cross-site scripting issue exists in Help Viewer’s handling of help: URLs. Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain. This may lead to information disclosure or arbitrary code execution. This issue is addressed through improved escaping of URL parameters in HTML content. This issue does not affect systems prior to Mac OS X 10.6.
  • ImageIO: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking.
  • ImageIO: A memory corruption exists in the handling of MPEG2 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG2 encoded movie files.
  • Kerberos: A double free issue exists in the renewal or validation of existing tickets in the KDC process. A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved ticket handling.
  • libcurl: A buffer overflow exists in libcurl’s handling of gzip-compressed web content. When processing compressed content, libcurl may return an unexpectedly large amount of data to the calling application. This may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by ensuring that the size of data blocks returned to the calling application by libcurl adheres to documented limits.

  • Network Authorization: A format string issue exists in the handling of afp:, cifs:, and smb: URLs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of afp:, cifs:, and smb: URLs. This issue does not affect systems prior to Mac OS X v10.6.
  • Printing: An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. A local or remote user with access to the printer may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
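
The libcurl item above describes the library handing the calling application more data than its documented limit. As an added illustration (not Apple's or libcurl's code), here is a write callback in C that checks the chunk length itself instead of relying on that limit. `struct sink`, `bounded_write_cb`, `demo_feed` and `DOC_MAX_WRITE_SIZE` are hypothetical names, and the 16384-byte value is assumed to mirror libcurl's `CURL_MAX_WRITE_SIZE`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: mirrors libcurl's documented per-callback limit
 * (CURL_MAX_WRITE_SIZE in curl.h). */
#define DOC_MAX_WRITE_SIZE 16384

/* Hypothetical fixed receive buffer sized to the documented limit. */
struct sink {
    char   buf[DOC_MAX_WRITE_SIZE];
    size_t used;
};

/* Same signature as a libcurl write callback. Returning a count other
 * than size * nmemb tells libcurl to abort the transfer. */
size_t bounded_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = userdata;

    /* Reject a size * nmemb product that would wrap before it is used
     * as a length (the integer-overflow pattern in the other items). */
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    size_t chunk = size * nmemb;

    /* Do not assume the library honoured its limit: compare the chunk
     * against the space actually left in the buffer. */
    if (chunk > sizeof(s->buf) - s->used)
        return 0;

    memcpy(s->buf + s->used, ptr, chunk);
    s->used += chunk;
    return chunk;
}

/* Constructed demo: feed one chunk into an empty sink and return the
 * number of bytes the callback accepted. */
size_t demo_feed(size_t size, size_t nmemb)
{
    static char data[DOC_MAX_WRITE_SIZE]; /* constructed input, zero bytes */
    struct sink s = { .used = 0 };
    return bounded_write_cb(data, size, nmemb, &s);
}
```

A chunk one byte over the buffer size, or a `size`/`nmemb` pair whose product wraps, is refused and the transfer stops instead of the copy running past the buffer.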

As always, the security update may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site.
