Apple releases security update 2007-009

Today Apple released Security Update 2007-009, which addresses:

Address Book

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A format string vulnerability exists in Address Book’s URL handler. By enticing a user to visit a maliciously crafted website, a remote attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of format strings. This issue does not affect systems running Mac OS X 10.5 or later.

CFNetwork

Impact: Visiting a malicious website could allow the automatic download of files to arbitrary folders to which the user has write permission
Description: A path traversal issue exists in CFNetwork’s handling of downloaded files. By enticing a user to visit a malicious website, an attacker may cause the automatic download of files to arbitrary folders to which the user has write permission. This update addresses the issue through improved processing of HTTP responses. This issue does not affect systems prior to Mac OS X 10.5.

ColorSync

Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of images with an embedded ColorSync profile. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of images. This issue does not affect systems running Mac OS X 10.5 or later.

Core Foundation

Impact: Usage of CFURLWriteDataAndPropertiesToResource API may lead to the disclosure of sensitive information
Description: A race condition exists in the CFURLWriteDataAndPropertiesToResource API, which may cause files to be created with insecure permissions. This may lead to the disclosure of sensitive information. This update addresses the issue through improved file handling. This issue does not affect systems running Mac OS X 10.5 or later.

CUPS

Impact: A local admin user may be able to gain system privileges

Description: A buffer overflow issue exists in the printer driver for CUPS. This may allow a local admin user to gain system privileges by passing a maliciously crafted URI to the CUPS service. This update addresses the issue by ensuring that the destination buffer is sized to contain the data. This issue does not affect systems running Mac OS X 10.5 or later.

Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) tags, which may allow a remote attacker to cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

Impact: If SNMP is enabled, a remote attacker may cause an unexpected application termination or arbitrary code execution
Description: The CUPS backend SNMP program broadcasts SNMP requests to discover network print servers. A stack buffer overflow may result from an integer underflow in the handling of SNMP responses. If SNMP is enabled, a remote attacker may exploit this issue by sending a maliciously crafted SNMP response, which may cause an application termination or arbitrary code execution. This update addresses the issue by performing additional validation of SNMP responses. This issue does not affect systems prior to Mac OS X 10.5.

Desktop Services

Impact: Opening a directory containing a maliciously crafted .DS_Store file in Finder may lead to arbitrary code execution
Description: A heap buffer overflow exists in Desktop Services. By enticing a user to open a directory containing a maliciously crafted .DS_Store file, an attacker may cause arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later.

Flash Player Plug-in

Description: Adobe Flash Player is updated to version 9.0.115.0 to address CVE-2007-5476.

GNU Tar

Impact: Extracting a maliciously crafted tar archive could overwrite arbitrary files
Description: A directory traversal issue exists in GNU Tar. By enticing a local user to extract a maliciously crafted tar archive, an attacker may cause arbitrary files to be overwritten. This issue has been addressed by performing additional validation of tar files. This issue does not affect systems running Mac OS X 10.5 or later.

iChat

Impact: A person on the local network may initiate a video connection without the user’s approval
Description: An attacker on the local network may initiate a video conference with a user without the user’s approval. This update addresses the issue by requiring user interaction to initiate a video conference. This issue does not affect systems running Mac OS X 10.5 or later.

IO Storage Family

Impact: Opening a maliciously crafted disk image may lead to an unexpected system shutdown or arbitrary code execution
Description: A memory corruption issue exists in the handling of GUID partition maps within a disk image. By enticing a user to open a maliciously crafted disk image, an attacker may cause an unexpected system shutdown or arbitrary code execution. This update addresses the issue through additional validation of GUID partition maps. This issue does not affect systems running Mac OS X 10.5 or later.

Launch Services

Impact: Opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
Description: Launch Services does not handle HTML files as potentially unsafe content. By enticing a user to open a maliciously crafted HTML file, an attacker may cause the disclosure of sensitive information or cross-site scripting. This update addresses the issue by handling HTML files as potentially unsafe content.

Impact: Opening an executable mail attachment may lead to arbitrary code execution with no warning
Description: An implementation issue exists in Launch Services, which may allow executable mail attachments to be run without warning when a user opens a mail attachment. This update addresses the issue by warning the user before launching executable mail attachments. This issue does not affect systems prior to Mac OS X 10.5.

Mail

Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
Description: When setting up an SMTP account through Account Assistant, if SMTP authentication is selected, and if the server supports only MD5 Challenge-Response authentication and plaintext authentication, Mail defaults to using plaintext authentication. This update addresses the issue by ensuring that the most secure available mechanism is used. This issue does not affect systems running Mac OS X 10.5 or later.
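
The selection rule described in this item, sketched as an added example (not Mail's code). The preference order, the refusal of plaintext mechanisms on an unencrypted session, and the sample EHLO reply from `mail.example.test` are assumptions made for illustration.

```python
# Strongest first: challenge-response before mechanisms that send the password.
PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]
PLAINTEXT = {"PLAIN", "LOGIN"}

# Constructed EHLO reply from a server offering both kinds of mechanism.
SAMPLE_EHLO = [
    "250-mail.example.test",
    "250-SIZE 10240000",
    "250-AUTH PLAIN LOGIN CRAM-MD5",
    "250 HELP",
]


def advertised_mechanisms(ehlo_lines):
    """Collect AUTH mechanisms from '250-AUTH a b' and legacy '250-AUTH=a b' lines."""
    mechs = set()
    for line in ehlo_lines:
        body = line[4:].strip().upper()  # drop the '250-' / '250 ' prefix
        if body[:5] in ("AUTH ", "AUTH="):
            mechs.update(body[5:].split())
    return mechs


def choose_mechanism(ehlo_lines, tls_active=False):
    """Pick the most secure mechanism offered; never fall back silently."""
    offered = advertised_mechanisms(ehlo_lines)
    for mech in PREFERENCE:
        if mech not in offered:
            continue
        if mech in PLAINTEXT and not tls_active:
            # Reaching a plaintext entry means nothing stronger was offered.
            raise ValueError("only plaintext AUTH offered on an unencrypted session")
        return mech
    raise ValueError("no supported AUTH mechanism offered")


if __name__ == "__main__":
    print(choose_mechanism(SAMPLE_EHLO))
```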

perl

Impact: Parsing regular expressions may lead to arbitrary code execution
Description: A length calculation issue exists in the polymorphic opcode support in the Perl Regular Expression compiler. This may allow an attacker to cause memory corruption leading to arbitrary code execution by switching from byte to Unicode (UTF) characters in a regular expression. This update addresses the issue by recomputing the length if the character encoding changes.

python

Impact: Processing image content with imageop module may lead to an unexpected application termination or arbitrary code execution
Description: Multiple integer overflows exist in python’s imageop module. These may cause a buffer overflow to occur in applications which use the module to process maliciously crafted image content. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of image content.

Quick Look

Impact: Previewing a file with QuickLook enabled may lead to the disclosure of sensitive information
Description: When previewing an HTML file, plug-ins are not restricted from making network requests. This may lead to the disclosure of sensitive information. This update addresses the issue by disabling plug-ins. This issue does not affect systems prior to Mac OS X 10.5.

Impact: Previewing a movie file may access URLs contained in the movie
Description: Creating an icon for a movie file, or previewing that file using QuickLook may access URLs contained in the movie. This update addresses the issue by disabling HREFTrack while browsing movie files. This issue does not affect systems prior to Mac OS X 10.5, or systems with QuickTime 7.3 installed.

ruby

Impact: Multiple SSL certificate validation issues exist in ruby libraries
Description: Multiple ruby libraries are affected by SSL certificate validation issues. This may lead to man-in-the-middle attacks against applications that use an affected library. This update addresses the issues by applying the ruby patch.

Impact: Multiple vulnerabilities exist in Rails 1.2.3
Description: Multiple vulnerabilities exist in Rails 1.2.3, which may lead to the disclosure of sensitive information. This update addresses the issue by updating Rails to version 1.2.6. This issue does not affect systems prior to Mac OS X 10.5.

Safari

Impact: Visiting a malicious website may result in the disclosure of sensitive information
Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy.

Safari RSS

Impact: Accessing a maliciously crafted feed: URL may lead to an application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s handling of feed: URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of feed: URLs and providing an error message in case of an invalid URL. This issue does not affect systems running Mac OS X 10.5 or later.

Samba

Impact: Multiple vulnerabilities in Samba
Description: Multiple vulnerabilities exist in Samba, the most serious of which is remote code execution. This update addresses the issues by applying patches from the Samba project.

Shockwave Plug-in

Impact: Opening maliciously crafted Shockwave content may lead to arbitrary code execution
Description: Multiple vulnerabilities exist in Shockwave Player. By enticing a user to open maliciously crafted Shockwave content, an attacker may cause arbitrary code execution. This update addresses the issues by updating Shockwave Player to version 10.1.1.016.

SMB

Impact: A local user may be able to execute arbitrary code with system privileges
Description: A stack buffer overflow issue exists in the code used by the mount_smbfs and smbutil applications to parse command line arguments, which may allow a local user to cause arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later.

Software Update

Impact: A man-in-the-middle attack could cause Software Update to execute arbitrary commands
Description: When Software Update checks for new updates, it processes a distribution definition file which was sent by the update server. By intercepting requests to the update server, an attacker can provide a maliciously crafted distribution definition file with the “allow-external-scripts” option, which may cause arbitrary command execution when a system checks for new updates. This update addresses the issue by disallowing the “allow-external-scripts” option in Software Update. This issue does not affect systems prior to Mac OS X 10.5.

Spin Tracer

Impact: A local user may be able to execute arbitrary code with system privileges
Description: An insecure file operation exists in SpinTracer’s handling of output files, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved handling of output files. This issue does not affect systems prior to Mac OS X 10.5.

Spotlight

Impact: Downloading a maliciously crafted .xls file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the Microsoft Office Spotlight Importer. By enticing a user to download a maliciously crafted .xls file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of .xls files. This issue does not affect systems running Mac OS X 10.5 or later.

tcpdump

Impact: Multiple vulnerabilities in tcpdump
Description: Multiple vulnerabilities exist in tcpdump, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating tcpdump to version 3.9.7. This issue does not affect systems running Mac OS X 10.5 or later.

XQuery

Impact: Multiple vulnerabilities in the handling of regular expressions
Description: Multiple vulnerabilities exist in the Perl Compatible Regular Expressions (PCRE) library used by XQuery, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating PCRE to version 7.3. This issue does not affect systems running Mac OS X 10.5 or later.

The update can be downloaded and installed via Software Update preferences, or from Apple Downloads.
