Wednesday, May 13, 2009

Mac OSX Security Updates for Client and Server

Over 67 vulnerabilities spanning Mac OSX 10.4.x-10.5.x are addressed, including issues in Apache, BIND, CoreGraphics, CUPS, enscript, Help Viewer, International Components for Unicode, Kerberos, Launch Services, Net SNMP, ATS, CFNetwork, CScope, Disk Images, Flash Plug-In, iChat, IPSec, Kernel, libxml and Network Time.

Within CoreGraphics, the issues relate mostly to PDFs; the exploit requires a user to load a specially crafted file from a download or a web site. Used in conjunction with other vulnerabilities, elevation of privileges is possible, so having a limited account is not a foolproof solution. The ATS service can experience a buffer overflow due to the way that it handles Compact Fonts; this, again used with other vulnerabilities, can allow an attacker to elevate privileges. Use of a limited account is not one hundred percent effective.

Sites that are hosted from Mac OSX servers using Apache can publish specially crafted files that can substitute their own response for any web page being hosted on that system. The CFNetwork flaw is related to Set-Cookie parsing, which can result in certain cookies being sent in clear text. Many developers who use Xcode and need to print line numbers resort to using enscript. This update addresses several issues in it, including the possibility of arbitrary code execution.

The update also addresses various issues related to Safari, including the heap buffer issues related to libxml. There are also updates for Safari Public Beta, which should not for any reason be used on a production system or a system with access to internal network resources.
