Apple - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Apple


43 Flaws Fixed in Mac OS X, QuickTime



 By: Ryan Naraine
2006-05-12
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Apple story.


Rate This Article:
Poor Best
Apple ships two separate updates to fix serious code execution holes affecting Mac OS X and the QuickTime media player.

Apple Computers security update train rumbled into the station late May 11 with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities.

The companys Security Update 2006-003 patches 31 flaws in the Mac OS X, most of them serious enough to cause "arbitrary code execution attacks."

Apple also shipped QuickTime 7.1 as a major security overhaul to correct 12 code execution and denial-of-service flaws.

Resource Library:

The Mac OS X mega update includes patches for Apples flagship Safari browser and Mail client.

According to the advisory, the Safari fix covers a flaw that could allow file manipulation or code execution if a user is lured to a maliciously rigged Web site.

In Mail, Apple said the bug could allow harmful code execution if a user is tricked into viewing a malicious e-mail message.

To read more about QuickTime code execution flaws, click here.

"By preparing a specially crafted e-mail message with MacMIME encapsulated attachments, an attacker may trigger an integer overflow. This may lead to arbitrary code execution with the privileges of the user running Mail," the company said.

The Mac OS X update also fixes code execution vulnerabilities in AppKit, ImageIO, BOM, CFNetwork, ClamAV, CoreFoundation, Finder, FTPServer, FlashPlayer, LaunchServices, libcurl, Preview, QuickDraw and QuickTime Streaming Server.

In the QuickTime 7.1 update, Apple ships 12 fixes for "application crash or arbitrary code execution" vulnerabilities.

The QuickTime bugs can allow a malicious hacker to launch successful attacks using different vectors; a specially crafted JPEG image; rigged QuickTime movies; specially created Flash, MPEG4 or H.264 movies; or maliciously crafted FlashPiX or BMP images.

Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.





  Reader Comments: 43 Flaws Fixed in Mac OS X, QuickTime
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Apple Articles          >>> More By Ryan Naraine
 


x}r㶲s\@4{3kEw{)ٖZ-/K3ΤN"!1Ej/~b:?qtMJe3NƖnt7F?;;$rȹklJv'[D;;?>P|gSo92p=z#m)>M3ȩ 55vGl&J~x/AT{j x5uޚ]ٚ#7Gp2 X-$0+rZA'AjZlZ P'@.tQh{⻶eMao}{Xe;'7 CxKd/B(o!Qus?=x/fwgB(ƻF {iZvP;U{ah /\1r.b,{{74_M*> L=iTVE;&3Ýtf?Dk N\#Zˆ螥{ɧ5u5I ` 1l{`<E%$7 .lqO-%0/V`=Ķ|h)tq:/r~/7@7nF;s}2 .vQKv TmO |lMSI uBأz/˺7hm7yahjTӪrP5X;p>Wwcwm9{ 2w7ɇ޺RV5MQj݋euغsm)kCq>t;'=r:;{/׼ ;Aڼ7@o&37`JLTRB`d" Pc@GGYuڇ5](E~W-b)ځVP]F[<," J2~̢J :OEuuyHutzxn |g)̠V*PFfЊ%+%2\u\_?]s\/;]rҹ"ǭVY; i OfɷV\vO^ćMnXCyC0-ߕRMRs~:\8.?HN‘,ɯ3`HBm۲ܺȑ\R yɽ+a(7f`X@7? eR2x&p* ߳n^S'G5ǯ/iVj5Vi?z[SĿ G/<@'LYp3Z&9T23=MHk 3!RBʼ୦ĿwIK _VPJB-)\D7h+ԌTwIQQ#=^f/\R@2Al8{ØWҽTWws^ iغ\48?]7+De., s5ͷwjzaZTpx3jOWcҽ\t;6?`Ub}PhvZM]qsuTSt*Zl:־RA^Tjr{hc2ud8԰:AGAticšwh4N@7h`C=҉:L w|h.x:4,Ab&a`M?FAтMz>tT9]|2Z9ܹ L&z.5Hˋ0P6=x Be^~}¢1O[>ȁ=woMou &QsfPBx?˜K) Xt =JIAL"D% T h4AEENmb$w$]I+TbD8JnOu$#J"ڹLX*QY,p[/ ͙JRdycƲń(VFNl(0Vn)t:>{j -j&[ߪ&TYwCxz#kjISʁbY;7l ʸ5MVRQy9:zGȃ`=r=6Ol#p:hBJmHw:vJ[Y*b=)4jKzF of`׆ K ؈Ôҵ&SKwEeHMw&f d>j'[arShfh:l=}:8Hy¬5ѝ_φRP՘Iڏ9&_G5 k^ˣ6Wеm.2躢΍Ʊ4St%rn9h& 'րzqDe˜,Za' #ؚðyNaSmG3[䊻!`P#fpu,Tn]wdSIBnmLqb ֚p성 .c,|=G0" un‚_8R" @48 y| *jq1 b (h bAzpEnabIt`1:C.5fz_=2dB4]En,A@{BRT j%&ZYUKZTpWt~燼N$p/q8^~b-4,|Qj}zMM{] \μ + '3E<&R$,p2HU?Z}`/cҧ8@ĺU0UESUG++^>F]h!.־1X@P A6+8SӞ,5Z,,Y~B)'؂ _+9 c ,rڹm?ReW᧘TVQqi?p;p跸@^5`8`Ȍ)ĨuUԪ}g:zoB6E׌u0ȀNÝWlȡ3p_AOSܷ V}uP@"̳iLZ<*ʗ2wY| RX3͓i4=_@HpbGi |cϺ!G܏p<6L M}G TQW5@e2&0҃F5c;[ LلY2Z Ɗ_AFp5xl==CݸM_-YEn;&+㧐ksC/)ɹ%wAVNZPn2i`$e|;W.xY3'Gu"M."́08h'2"n=!|/I0VRRXU V_Aұg.3_wj<]`L4>JiӘG2cdQhVz\ 4g2<c>?/i)T",߸X,Ẃ'^`SXZ>0lz |i:tGM4*VH!IPkQkIu|d*+ZR^?*n,: /6" ތbl ezפ\+ԕMOe3q1GX=x=d6 5C+jBgYb`1O?f[FIeYyVum4uP"5{Hq#$˴I>N0atA*¾G.CGTTWFogMGD0|f^%uRiEmT)~ܑN[ 8zAbzQ=Y rvjT rF2R@BZNb.xœo -"ԄpLaV*c7x~.Rȓ$ |J D\y>1a}n\frjn48Z&IEqDcxH156 B @ t[WY0z.BZMUc z A0V ?v1KwxEp[(+h,6dsJ;t0?x>kwޗj? i^3_{"Ts 8z-ӤN)fTDXSaoy0;{8쀒N1LElOܢMF]nց9)ŔN yr< AGJ脊bye5))e3O5NRMLC]OC/$;+B:Tzs gaM6mn3gj?n6D20@u\d0 `qk5‰@P V-lj9l0`&0>9ͫ|1{~U*۞L #H1Ń O~ؑq eީӊNf|vu+KׅNoݗ>W}1kyT̵jПdeNx?HАZ#=p>~挜003|{mv5|Of0>owV8}'i?ww;޽wܾdO#@/lvm鼳~2O> AY؞qnbLpX#Pzp~vƔI 3q#ĠHZsMs _56DN XW+iƿ_Bc#ZT^?1;lTƊ f™) W2 |cM-9&p$~M{fr+ (? 'Vxe[bw[0w| LcKG3fdM%̺Z(}X`ˤ~bNϸ^8Q΃9 pW5)ԙY%VOP.9oƳOr`k[x힔>(SVZM1-ex "f:|7Jv0GVGcXS#Og,ڂB4pk3}L'a4%9x Ny'<]N.]OuLѹ yVP<.:0`18֟Ʀ5N۝W~?r-T+h]F݃79渪LDx4F蔙s쿗8粈JR,Or%CB1tA8Nbtv)"" :K2h`Խzb uՄsL@-p rF/6|p4uYD~vd?{ۊRDgzjh'YP1~dFB7>eo`KKG8=ҩezB@ A8 0p"A Dy#fuʛLXtK'vȪ"u +lQϙmoxM*YO"I R%0<}xtUK)chxKP`schX.h\ڗH02'!4& @^FNyf;w`~4 ;EqF$.LBȻ0a ;B='OV$Eۂ'ϥ!-s B_r &}<o*U Zeq! "@B=4ce"X_%UWm/NhQ#}/ljt5~5𺌮MN3ZQV1K)+6Saؾh;^jUy5WM"5]Wa} MKes<7;^Q:`?iWa@gB}psi,h/hJݱ5 @Jx!̽b Ռ]}|~>.Ppr캞/X^5M€ԅ>vnHY@% <L`_ 4" j<ĆlttK'(awf1z3ϜtGrA']}j+eb'!TA C?= =D x4 lei:ܕ0.syNW3U~%|9n!Z+i,Xkխ;0:5.`z]z?#R *dFH^ _? !-C#^ڐe/'Wֵt{mSۗիRQa^ _jRK\̭4c KG>/3|j M퓨-""ż\>ixN1$ejː43S7dgs;%).h\߿ iԳ`{RX^/gL˫ p%,!vj,Z ! 䁡߽߽߽߽= XU^70CsЦgFKesMan:ږI1>/ś1чzCx?m{Zdƶo|kw䢉&/u4|sEa5hX[% PBIF(pSaNHf͋.HTj3+˿Åq$ǧ$s>)GhokcӚYN[_$v/;xuTPkݾW@)jAHƫa'"DuopْQ\D[po,]jUTܜq@uĚ ބ1)L I&0qMP|5| i4& ?ƻp:p]Xu2%Ӂ,4WfL?MIny40ml+PN@R\x8\}8ioљ3–TY2lDƖ/tE“YG;_UB#Dg胜J^+*9rˮyY= rφMmSkʸj+)pm)wO&.ޅ&T"˷]+5W3i`|)zP!1jMOk?09Z_ȚLHj~6}A˽;V4i) mX[`8,ċ,[;ONaYmZۈYޣ.9{Uʒ~ZZN n8n}67cwzl/ if%e։iV$1"*Nh斖-P2իaD opcAdB`y|ϛ [D2!pS{?*ǝ@ דּ[U~!FVVrc[~t?TQEmL:G+&-8=BYWPXL8!%9pذ(rހPM=Ǐ;}JDnt Q+"]CPVô-}L]I a!/(!/DȮ|qaI{L&{ǘ$c갺6_o\[a0&_1V&GdBA8AXJo,"xa CquQ%Ǥw_FpxAҲ&z.1lsh*b4 B-'Q+}L1~S咋|?9Bӊ,w)]dDo=7:էBZcě|Wes;ɣS#D[t#HU) & 0Z`#i1 3r3#6j=!vӚ \׶j=!v[׺v̈́|W@O[jkw0r,4YձHlݹY恏<5dD+9mOc+ӘP v<1_+AJLB(fYiv' .GqYow/?VH|Uwd]C2,7ߤ`(8NL}h+{VzG"?{|Qzـj#E I:N ~VPԓG)׀"x\W7}D['鍀I+62sjDlo_ /uh`Af\g^uE@;C}m!L}<y]\& h,L"g`c`2 P UCO`qw O?0[<3ـ OScP.y-r9G7FuEW) cDR/2O0 ឩpUHTdL4B&(qTiK$1<ɀQdbk,ywJ`C'[EY|ob{LgA~*\b@Ԑ0(V$Ѕ:y,@#!9ωkY1+a]?[/#}|AaPZ  +z+U'I]Ui_)9CȮ KDU,|.OgY,f/c/^iBR ?$-G쌆=xɾy:>1:7YѼCS(?(#3a|/2"C~.`.2Ưd:_:2?.ˌ2 w3 { 忮.)>Crs~~3w Y{ _g wɹN2!(ofYNOoT8\0_JeYW@a uqQ^ }VV<_`dkt.rf_u3 ̭LڗGBX\jzr+g^&e4v+iA- {}ys/-#yioRG AQA. 3l?V\[[,Oнۺ{' Jݓs+z`~J\]N9b}+|Uny+tVOq&R2#s"qG#i@A'm]b>s2 'գ,O;HߪexĻ͏ݞ܃8}n}7}Fn_x܊xG5iphg?>/yd֪WVFKp'k͠~%k"N^xylߣx߅ ߒD,| e%Hi1\= 'Aݷ&DB$p G0dǤi&9#l]i"bؖB['mVƑĹ; O,E~f&gM ؠGnў##PrO?g)b|+}*Յo\OΆ .Ly+z~՞+?8,U`YD CAq( 5t=_ Z<6T)IMɱαyyBҗ`pb)Had~kf!td ܹ Wf71s(-<+cm,5zvuԽkl v7𜙄 uHgf@L V8=>/޺chd>Ck+CPa,gvs R59>`&,D*9"Qo P @EikN?jwH3ۉz ^&%˷}YQ v|.yzhFʪv\v#t|5)B4w^|7(6؆|!Og ϻHjO(tI`R1|0j;;1TeΝ[QYɶz S~n^(Co݂k\+<>ci)fzc< znG}4צJu A]=_vs[YʐL\kDI qk-.,wvUa4,Lb1"[\QI(VжX3e|"@a)5x`Ʉn~ӣf<˜4W6IĶqynuҵ-ˑ;}`)|":xqea =V\r*﻽/g;vV/Pt.zI}eT3uG<; Ootۿ{hT*ቋ[폧%GU n/:.@ђu:Wǭ4!ջl/>&+==;`ol3gs7*Р`M-jez'1l5ɋmEgl3W'5X-lt{ o"f/On6%s|NKIKn^ͦG(ϗGsKq>tgLp -ͱ=RZ`'l/Z6vJD*