Security updates from Apple
Apple has released another major bug fix for the Max OS X operating system. Several of the flaws addressed by the Security Update 2006-007 are critical and allow attackers to smuggle in malicious code.
One hole closed by the Apple update is the bug in the AirPort driver for Orinoco WLAN hardware, through which ill-intentioned individuals, within WLAN broadcast range, can use specially prepared packets to gain complete control of affected systems (eMac, iBook, iMac, PowerBook G3 and G4 and PowerMac G4 systems with the original AirPort card from Apple).
The manufacturer has also eliminated several vulnerabilities in the Apple Type Services font server. Rigged character set files can lead to the execution of arbitrary code. Specially manipulated queries to the services can allow local users to execute code with system rights. Another bug in the creation of log files can also enable them to create or overwrite arbitrary files with system rights.
The Finder cannot properly handle malformed .DS_Store files. Attackers can share directories with specially prepared .DS_Store files that then provoke a heap buffer overflow when browsed by the Finder, allowing planted code to be executed. If PPPoE is activated, users on the local network can trigger a buffer overflow, causing a crash or the execution of malicious code.
The display of manipulated HTML pages with applications based on Webkit, including Safari, Mail or the Dashboard, could allow previously deallocated objects to be accessed. In a best case scenario this causes the application to crash, but could potentially also lead to the execution of arbitrary malicious code.
Apple is also updating software from third-party manufacturers in which security holes have been found. This includes the ClamAV virus scanner, the gnuzip compression program, the OpenSSL encryption suite, software for the interpreter languages Perl and PHP and the Samba server. The update also eliminates further vulnerabilities in the CFNetwork, the FTP server, in the Installer, in the Security Framework and in the VPN server.
Apple users should receive a prompt to perform the automated update. Because several of the security holes are quite critical, users should update their system as soon as possible.
- About the security content of Security Update 2006-007, overview of the repaired bugs by Apple