Apple updates security with Mac OS X 10.5.3

The Mac OS X 10.5.3 Update is recommended for Mac OS X 10.5, 10.5.1, and 10.5.2 Leopard. It includes general operating system improvements that enhance the stability, compatibility, and security of your Mac.

  • AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing.
  • Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.
  • Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • A memory corruption issue exists in the Apple Type Services server’s handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5.
  • An information disclosure issue exists in Safari’s SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.
  • An integer overflow in CoreFoundation’s handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.
  • An uninitialized variable issue exists in CoreGraphics’ handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.
  • This update extends the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system’s ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature.
  • An issue exists in the CUPS scheduler’s check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.
  • Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0.
  • A use-after-free issue exists in the iCal application’s handling of iCalendar (usually “.ics”) files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5.
  • A conversion issue exists in ICU’s handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.
  • An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images.
  • Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24.
  • An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.
  • An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.
  • A null pointer dereference exists in the kernel’s handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.
  • Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information.
  • The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed.
  • An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5.



Share this