Severity: High
11 February, 2008
Summary:
- These vulnerabilities affect: OS X 10.4.11 (Tiger) and OS X 10.5.x (Leopard), both client and server versions
- How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site
- Impact: Various results. In the worst case, an attacker executes code on your user’s computer, with your user’s privileges
- What to do: OS X 10.4.11 users should install Security Update 2008-001. OS X 10.5.x users should install version 10.5.2
Exposure:
Today, Apple released a security update fixing over 11 security issues in software packages that ship as part of OS X, including Mail, Launch Services, and Samba. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:
- Foundation memory corruption vulnerability. Foundation is an OS X component that helps Safari handle web pages and URLs. According to Apple, Foundation suffers from an unspecified security vulnerability involving how it handles maliciously crafted URLs. If an attacker can entice one of your users into visiting a malicious URL, he could exploit this vulnerability to execute code on the user’s computer, with that user’s privileges. Furthermore, the attacker could then leverage another vulnerability described in Apple’s alert to elevate this privilege and gain complete control of your user’s computer.
- Mail security vulnerability allows attackers to execute code. Mail is the email client that ships with OS X. Mail suffers from an unspecified implementation flaw involving the way it handles certain types of URLs (specifically, the file:// URL). If an attacker can entice one of your users into clicking a specially crafted URL within an email message, he can exploit this flaw to execute code on that user’s computer without any further user interaction. By default, the attacker would only execute code with that user’s privileges. However, he could then leverage another vulnerability from Apple’s alert to gain complete control of your user’s computer.
- Samba buffer overflow vulnerability. Samba — the OS X component that allows Mac computers to handle Windows shares — suffers from a stack-based buffer overflow vulnerability. By sending a specially crafted NetBIOS Name Service request, an attacker could exploit this vulnerability to either crash Samba, or to execute code on your Macintosh computers. Apple’s alert doesn’t specify what privileges an attacker gains when exploiting this vulnerability. However, even if the attacker gains basic user privileges, he could exploit other vulnerabilities described in Apple’s alert to gain complete control of your OS X computers.
Apple’s alert includes over eight more flaws, including more code execution flaws besides the ones described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, an elevation of privilege flaw, and an information disclosure vulnerability, plus others. Components patched by this security update include:
- Directory Services
- Foundation
- Launch Services
- NFS
- Open Directory
- Parental Controls
- Samba
- Terminal
- X11
Refer to Apple’s alert for more details.
Solution Path:
Apple has released updates to fix these vulnerabilities for both OS X 10.4.11 and 10.5.x. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
- Security Update 2008-001 (PPC)
- Security Update 2008-001 (Universal)
- Mac OS X 10.5.2 Combo Update (Client)
- Mac OS X 10.5.2 Combo Update (Server)
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.
For All Users:
These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.
Status:
Apple released updates to fix these issues.