MAAS History
Entries by drStrangeP0rk (171)

Tuesday, January 19, 2010

Apple Security Update 2010-001

Apple has released Security Update 2010-001 to address several recently reported issues. Among them, the update disables renegotiation of TLS and SSL sessions: the IETF is still working on a fix to the protocol itself, and refusing renegotiation is a preventive measure that mitigates the risk in the meantime. ImageIO gains improved bounds checking that prevents a buffer overflow when viewing a maliciously crafted TIFF file, and Image RAW gains better bounds checking in its handling of DNG images.

CoreAudio could be exploited by a maliciously crafted MP4 file, leading to an application crash (denial of service) or arbitrary code execution; the update improves its bounds checking. CUPS was susceptible to a use-after-free issue in which an attacker could send a crafted get-printer-jobs request and cause a denial of service. This update fixes the vulnerability, but services that are not needed should be disabled regardless: if you are not using CUPS printing, unload the service.

Apple also includes an updated Flash Player plug-in; after installing, check your Flash privacy and update settings to make sure they are what you want. This update requires a restart and should be applied to both client and server deployments.

magmatic.com references

http://www.magmatic.com/currents/2009/11/7/tlsssl-vulnerability.html

http://www.magmatic.com/currents/category/flash

Monday, January 18, 2010

Memory Corruption Proof of Concept in QuickTime Library

Offensive Security has received a posting to their Exploit Database from Dr_IDE that takes advantage of a memory corruption bug in the QuickTime library used by a host of Mac OS X applications. These include QuickLook, so simply loading the file in Icon view in the Finder triggers a crash. The proof of concept could be altered to give an attacker code execution rather than just an application crash, and a sophisticated attacker could also use the vulnerability in a remote attack (the URL embedded in the file can be changed very easily with a hex editor). The malformed file, with its codec header, is shown in Fig. 1.

Fig. 1: the malformed file with its codec header

At this stage the file appears only to crash the application, and it is not detected by Mac anti-virus software. The user's current defense is to open and view files only from trusted sources and to update to the latest version of QuickTime; if you have any doubt about the source, there is no reason to open or load the file on your systems. A far more robust host firewall that filters both incoming and outgoing traffic should also be used locally on the Mac (ipfw is a good start). Files of this kind can also be blocked at a proxy or advanced firewall from vendors such as WatchGuard or Cisco: some configurations can drop files that contain long runs of the same repeated character, a pattern very common in proof-of-concept files and one that unsophisticated attackers rarely alter.
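The repeated-character heuristic described above, written out as an added example (this is not the Exploit Database posting, Dr_IDE's file, or any vendor's filter code): it finds the longest run of one repeated byte in a buffer and flags anything above a threshold. The sample files, the fake "moov" atom header, the run length of 2048 and the 64-byte threshold are all constructed for illustration. The one practitioner detail the text leaves out is handled explicitly: real media files contain long runs of 0x00 (and sometimes 0xFF) padding, so those byte values must be excluded or the filter blocks legitimate files.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Longest run of one repeated byte value in buf, ignoring byte values listed
 * in skip. Legitimate files routinely contain long 0x00/0xFF padding runs, so
 * the caller passes those in skip. If run_byte is non-NULL the byte value that
 * formed the longest run is stored there. */
size_t longest_repeat_run(const unsigned char *buf, size_t len,
                          const unsigned char *skip, size_t nskip,
                          unsigned char *run_byte)
{
    size_t best = 0, cur = 0;
    unsigned char best_byte = 0;

    for (size_t i = 0; i < len; i++) {
        int skipped = 0;
        for (size_t j = 0; j < nskip; j++) {
            if (buf[i] == skip[j]) { skipped = 1; break; }
        }
        if (skipped) { cur = 0; continue; }

        /* Extend the run only if the previous byte was identical; a previous
         * byte that was skipped can never equal a non-skipped one. */
        if (i > 0 && buf[i] == buf[i - 1])
            cur++;
        else
            cur = 1;

        if (cur > best) { best = cur; best_byte = buf[i]; }
    }
    if (run_byte) *run_byte = best_byte;
    return best;
}

/* Crude content filter of the kind the text describes: returns 1 if the
 * longest non-padding run exceeds threshold bytes, 0 otherwise. */
int looks_like_unmodified_poc(const unsigned char *buf, size_t len,
                              size_t threshold)
{
    static const unsigned char padding[] = { 0x00, 0xFF };
    return longest_repeat_run(buf, len, padding, sizeof padding, NULL) > threshold;
}

/* Constructed sample (not the real PoC): a fake QuickTime-style atom header
 * followed by 2048 'A' bytes, the shape a typical unmodified crash file has. */
size_t build_sample_poc(unsigned char *out, size_t cap)
{
    static const unsigned char header[] = { 0x00, 0x00, 0x08, 0x08, 'm', 'o', 'o', 'v' };
    size_t n = sizeof header, run = 2048;
    if (cap < n + run) return 0;
    memcpy(out, header, n);
    memset(out + n, 'A', run);
    return n + run;
}

/* Constructed benign sample: a header, a few distinct bytes and a long
 * stretch of 0x00 padding, which a filter that ignores padding must allow. */
size_t build_sample_benign(unsigned char *out, size_t cap)
{
    static const unsigned char header[] = { 0x00, 0x00, 0x08, 0x08, 'm', 'o', 'o', 'v',
                                            'm', 'v', 'h', 'd', 0x01, 0x02, 0x03, 0x04 };
    size_t n = sizeof header, pad = 2048;
    if (cap < n + pad) return 0;
    memcpy(out, header, n);
    memset(out + n, 0x00, pad);
    return n + pad;
}

int main(void)
{
    static const unsigned char pad[] = { 0x00, 0xFF };
    unsigned char buf[4096], b;
    size_t n, run;

    n = build_sample_poc(buf, sizeof buf);
    run = longest_repeat_run(buf, n, pad, sizeof pad, &b);
    printf("poc sample:    longest non-padding run %zu of 0x%02x -> %s\n", run, b,
           looks_like_unmodified_poc(buf, n, 64) ? "DROP" : "allow");

    n = build_sample_benign(buf, sizeof buf);
    run = longest_repeat_run(buf, n, pad, sizeof pad, &b);
    printf("benign sample: longest non-padding run %zu of 0x%02x -> %s\n", run, b,
           looks_like_unmodified_poc(buf, n, 64) ? "DROP" : "allow");
    return 0;
}
```

The threshold is a trade-off: the "more than three characters" setting mentioned in some products would flag nearly every real file, while a few dozen bytes catches the untouched PoC here. The filter is also trivially defeated by an attacker who varies the filler bytes, which is exactly why the text pairs it with trusted sources and an updated QuickTime rather than relying on it alone.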

It is to be expected that, as the platform's popularity grows, so does the interest of crackers. Employing an exploit such as this takes little tactical effort, but strict defensive measures can mitigate this attack vector.

Tuesday, January 12, 2010

Apple Remote Desktop Update 3.3.2

Apple has released Apple Remote Desktop 3.3.2, an update with a host of stability and performance improvements. These include better handling of clients behind a Network Address Translation (NAT) system and firewall, more reliable authentication, and a fix for MAC address reporting on the MacBook Air. There are also improvements to the handling of third-party VNC servers, which is especially important for administrators in mixed environments. The following list is taken directly from Apple's web site.

Setup

  • Improved handling of IP address and port changes for clients accessed behind a Network Address Translation (NAT) system
  • Upgrading to Apple Remote Desktop 3.3 will no longer reset non-administrator access privileges
  • Improved reliability when authenticating new client computers

Software Distribution

  • Improved reporting of results of failed package installations

Asset Management

  • MacBook Air MAC address is now correctly reported
  • Improved reliability of reporting systems configured with AirPort
  • Correctly reports system version for systems that have been promoted from Mac OS X to Mac OS X Server

Remote Assistance

  • Improved mouse cursor tracking when controlling remote systems
  • Improved reliability when controlling remote clients that have a 1366-by-768 resolution
  • Improved performance when clients are being controlled by RealVNC viewers
  • Improved reliability when controlling systems that have dual graphics processors
  • Improved support when controlling systems running third-party VNC servers
  • Improved reliability for drag-and-drop file copy
  • Improved reliability when controlling client computers that have two displays
  • Improved reliability when controlling remote systems in scale mode with certain resolutions
  • Menu Extra now correctly shows status when being observed by a VNC viewer

Sunday, January 10, 2010

Bonjour Update 2010-001

Apple has released a Bonjour update that improves the reliability of iTunes and Apple TV: an Apple TV would disappear from the iTunes library and no longer be reachable via Bonjour networking. The update installs on Mac OS X Server as well and does not require a restart.

Sunday, January 10, 2010

Buffer Overflow in libc/strtod

There is a proof of concept (PoC) for the libc strtod and dtoa.c implementation in BSD that Apple has been aware of for over six months. Mac OS X's kernel is a hybrid based on Mach 3.0 and FreeBSD, and its libc is derived from BSD, so bugs and exploits that affect BSD implementations can affect it as well. SecurityReason.com has posted a security alert and the PoC code for the buffer overflow on BSD, indicating that it could result in a denial of service (system crash) or malicious code execution; the alert lists Mac OS X alongside BSD.

Fig. 1

Arbitrary code execution on the heap via the printf function, as described on SecurityReason.com, could not be accomplished, although they maintain that Mac OS X may be vulnerable. I have tested this and other functions such as asprintf, vprintf and sprintf (Fig. 1). OpenBSD and Mac OS X ship with executable space protection, which prevents code from executing on the heap. Code does not have to execute on the heap, but doing so is far less labor-intensive and more reliable for attackers. Instead, control flow can be redirected into existing library code, which gives a buffer overflow a way around executable space protection (return-to-libc is a common method).

The best defense against these kinds of exploits is to install software only from trusted sources, verify those sources, and not run it as an admin user. For day-to-day tasks (word processing, web, mail, etc.) you should never be logged in as a privileged user. From a development standpoint, secure coding practices matter: a lack of verification and validation of input leads to a host of errors, so a secure development process should be used. Still, there is plenty of poorly written code that mishandles memory, validation and verification. If you do not trust the source for any reason, do not install the software.
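The verification and validation the paragraph calls for, applied to exactly the kind of input the strtod proof of concept exercises, as an added example that is neither SecurityReason's PoC nor any code from this page: untrusted numeric strings are length-capped before they reach strtod(), and every strtod failure mode (no conversion, out of range, trailing junk, inf/nan) is checked rather than ignored. The 64-character cap and the sample inputs are assumptions chosen for illustration. This cannot fix a bug inside libc itself, which only the vendor patch does, but it keeps extreme inputs away from the library entirely and is how a caller should treat untrusted data regardless.

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit (an assumption for this example): no legitimate numeric
 * field in the format being parsed needs more than 64 characters. Rejecting
 * longer strings before conversion keeps pathological inputs (thousands of
 * digits, absurd exponents) away from strtod() and dtoa's internal buffers. */
#define MAX_NUMBER_LEN 64

enum parse_status {
    PARSE_OK = 0,
    PARSE_TOO_LONG,          /* rejected before conversion was attempted */
    PARSE_NOT_A_NUMBER,      /* no digits at all, e.g. "abc" */
    PARSE_OUT_OF_RANGE,      /* overflow/underflow, or an inf/nan token */
    PARSE_TRAILING_GARBAGE   /* digits followed by junk, e.g. "12abc" */
};

/* Length check that stops as soon as the cap is exceeded, so an enormous
 * attacker-supplied string costs at most MAX_NUMBER_LEN + 1 steps to reject. */
static int exceeds_cap(const char *s, size_t cap)
{
    size_t n = 0;
    while (n <= cap && s[n] != '\0')
        n++;
    return n > cap;
}

enum parse_status parse_untrusted_double(const char *s, double *out)
{
    char *end = NULL;
    double v;

    if (s == NULL)
        return PARSE_NOT_A_NUMBER;
    if (exceeds_cap(s, MAX_NUMBER_LEN))
        return PARSE_TOO_LONG;

    errno = 0;
    v = strtod(s, &end);
    if (end == s)               /* nothing was converted */
        return PARSE_NOT_A_NUMBER;
    if (errno == ERANGE)        /* too large or too small to represent */
        return PARSE_OUT_OF_RANGE;
    if (*end != '\0')           /* refuse partial parses instead of silently truncating */
        return PARSE_TRAILING_GARBAGE;
    if (!isfinite(v))           /* strtod happily accepts "inf" and "nan" */
        return PARSE_OUT_OF_RANGE;

    *out = v;
    return PARSE_OK;
}

static const char *status_name(enum parse_status st)
{
    switch (st) {
    case PARSE_OK:               return "ok";
    case PARSE_TOO_LONG:         return "too long";
    case PARSE_NOT_A_NUMBER:     return "not a number";
    case PARSE_OUT_OF_RANGE:     return "out of range";
    case PARSE_TRAILING_GARBAGE: return "trailing garbage";
    }
    return "?";
}

int main(void)
{
    /* Constructed inputs: a normal value, a few malformed values, and an
     * oversized digit string of the kind a strtod stress test would feed in. */
    char huge[4096];
    memset(huge, '9', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';

    const char *inputs[] = { "3.25", "1e400", "12abc", "abc", "inf", huge };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        double v = 0.0;
        enum parse_status st = parse_untrusted_double(inputs[i], &v);
        printf("%-8.8s -> %s", inputs[i], status_name(st));
        if (st == PARSE_OK)
            printf(" (%g)", v);
        printf("\n");
    }
    return 0;
}
```

The ordering of the checks matters: the length cap runs first so strtod never sees the oversized string, and the ERANGE test precedes the trailing-character test because both can be true for the same input and the range error is the one worth reporting.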