Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

UPDATE: 2012′s First OS X Update Corrects 52 Security Vulnerabilities

Last week, Apple released an OS X update that fixed 52 security vulnerabilities. However, customers have reported that the Snow Leopard (10.6.x) version of the update causes problems with Rosetta — a component that allows Intel Macs to run PowerPC programs. In response, Apple has revised their original advisory, and released a new version of the Snow Leopard update.

If you use Snow Leopard, and you downloaded Apple’s update on February 1, you should download the revised v1.1 update from the Apple Software Download page. Apple doesn’t appear to have changed the text on their download page to reflect this new version. However, they did share new checksums for the revised updates in their email security advisory. You can find those SHA-1 checksums below:

For Mac OS X v10.6.8
  • Download file name: SecUpd2012-001Snow.dmg
  • SHA-1 digest: 29218a1a28efecd15b3033922d71f0441390490a
For Mac OS X Server v10.6.8
  • Download file name: SecUpdSrvr2012-001.dmg
  • SHA-1 digest: 105bdebf2e07fc5c0127f482276ccb7b6b631199
For reference purposes, I’ve included our original OS X alert below.
Summary:
  • These vulnerabilities affect: All current versions of OS X 10.6.x (Snow Leopard) and OS X 10.7.x (Lion)
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various document or media files
  • Impact: Various results; in the worst case, an attacker executes code on your user’s computer
  • What to do: OS X administrators should download, test and install OS X 10.7.3 or Security Update 2012-001 as soon as possible, or let Apple’s Software updater do it for you.
Exposure:
Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes around 52 (number based on CVE-IDs) security issues in 27 components that ship as part of OS X or OS X Server, including Apache, Quicktime, and Time Machine. Some of the fixed vulnerabilities include:
  • Multiple ImageIO Buffer Overflow Vulnerability. ImageIO is one of the components that helps OS X handle various image file types. Unfortunately, it also suffers from various security vulnerabilities (including some buffer overflow vulnerabilities) involving the way it handles certain types of image files. Though these vulnerabilities differ technically, they generally share the same scope and impact. If an attacker can get a victim to view a specially crafted image file (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. The affected image types include TIFF and PNG.
  • CoreAudio Buffer Overflow Vulnerability. CoreAudio is a component that helps OS X play audio content. It suffers from a buffer overflow vulnerability. By enticing you to play a specially crafted audio file, an attacker would exploit this flaw to either crash your system, or execute code with your privileges.
  • Several Quicktime Vulnerabilities. Quicktime is the popular video and media player that ships with OS X (and iTunes). Quicktime suffers from six security issues (number based on CVE-IDs) involving how it handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, she could exploit any of these flaws to execute code on that user’s computer, with that user’s privileges.
Apple’s alert also describes many other code execution vulnerabilities, as well as some Denial of Service (DoS) flaws, elevation of privilege vulnerabilities, and information disclosure flaws. Components patched by this security update include:
  • Apache
  • ATS
  • CFNetwork
  • ColorSync
  • CoreAudio
  • CoreMedia
  • CoreText
  • CoreUI
  • curl
  • Data Security
  • dovecot
  • filecmds
  • ImageIO
  • Internet Sharing
  • Libinfo
  • libresolv
  • libsecurity
  • OpenGL
  • PHP
  • QuickTime
  • SquirrelMail
  • Subversion
  • Time Machine
  • Tomcat
  • WebDAV Sharing
  • Webmail
  • X11
Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

Solution Path:
Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can, or let Apple’s automatic Software Update utility do it for you.
  • OS X Lion Update 10.7.3 (Client)
  • OS X Lion Update 10.7.3 (Client Combo)
  • OS X Lion Update 10.7.3 (Server)
  • OS X Lion Update 10.7.3 (Server) Combo
  • Security Update 2012-001 Server (Snow Leopard)
  • Security Update 2012-001 (Snow Leopard)
Note: Some of these updates are rather large (700MB or greater), and all require a reboot.

For All Users:
These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:
Apple has released updates to fix these flaws.

References:
  • February 2012 OS X Security Update