25 holes fixed in Mac OS X
With its latest security update for Mac OS X, Apple closes 25 security holes, including 18 bugs in Mac OS X 10.3.9 and 23 in version 10.4.9. Vulnerabilities in Kerberos, network_cmds, VideoConference and Libinfo can be exploited remotely for arbitrary code execution. Although a vulnerability in the FTP daemon may also result in remote code execution, attackers must authenticate as a user to do so. Another hole in Libinfo may facilitate malware infection if users visit a manipulated web site.
Apple users must also be very careful when opening certain files or images. Manipulated Tar archives, UFS images, help files and installer packages may write and execute code on the computer while being processed. Numerous other holes exist which a user with restricted access may exploit to obtain system privileges. This class of vulnerability has been well known in Mac OS X since the Month of Apple Bugs (MOAB). Bugs of this kind reside in AFP, CarbonCore, SMB, LoginWindow and WebDAV. The latest updates fix these and all other holes mentioned. However, some other local privilege escalation vulnerabilities discovered during the MOAB remain unfixed.
For 10.3.9 servers, a download of about 54 MBytes is required, whereas the client version needs only 38 MBytes. Downloads for Mac OS X 10.4.9 are smaller: the Universal version needs 16 MBytes, while the PPC version requires only 9 MBytes.
- Security Update 2007-004, advisory from Apple