Apple closes security holes in 13 components
Apple has released security update 2007-005, which remedies vulnerabilities in 13 Mac OS X components. Attackers were able to exploit these vulnerabilities to inject arbitrary malicious code, escalate their rights, or provoke a denial-of-service attack.
An integer overflow during the handling of specially crafted PDF files could be provoked to inject malicious code. Manipulated files could also be used to cause a buffer overflow via the file command with the same outcome. Attackers were also able to inject arbitrary code into iChat by sending specially crafted UPnP IGD packets, which are used to set up UPnP port extensions on NAT routers, from the local network to the client. The mDNS Responder contained the same vulnerability.
Attackers were also able to take advantage of the easily cracked user verification in PPPd to escalate their rights. The file contains the SetUID bit and can load plug-ins indicated by the user, which are then executed with root rights. Attackers were also able to use VPNd to escalate their privileges because a format-string vulnerability could be exploited to inject program code into daemon by means of specially crafted command line arguments.
An update to version 9.3.4 of BIND closes a denial-of-service vulnerability that could be remotely exploited. The crontab script that cleans up the /tmp folder every day, could also delete file systems linked to the folder, thereby also causing a DoS attack. Furthermore, the Ruby CGI library was also vulnerable to denial-of-service attacks that attackers could exploit by sending specially crafted http requests to Ruby web applications. The update for the screen command also closes DoS vulnerabilities.
An update for fetchmail remedies a flaw that allowed the software to reveal passwords. A bug in the alias manager allowed incorrect files to be opened if files of the same name were on different mounted disk images. Finally, Apple has remedied a flaw in texinfo that allowed local users to execute, store, or overwrite arbitrary files with the rights of the user executing texinfo.
Mac OS X's automatic update mechanism is reportedly already downloading and installing update 2007-005. If your computer has not yet done so, you will probably want to download and install the update manually.
- About Security Update 2007-005, overview of the security holes Apple has closed