Apple's massive security update to Snow Leopard and other Mac applications addressed multiple remote code execution and arbitrary code execution flaws.
Apple fixed 39 vulnerabilities across Mac OS X and a slew of Mac applications. The company also released OS X 10.6.8, which may be the last major update to the operating system before version 10.7 "Lion" arrives next month.
Apple closed security holes in QuickTime, MobileMe, the MySQL implementation in OS X Server and the App Store in Security Update 2011-004, the company said in its support document on June 24. In Mac OS X 10.6.8 (for Snow Leopard), Apple patched three bugs in the operating system and improved protection against MacDefender fake antivirus scams and related Trojans, according to Apple's KnowledgeBase article.
The OS X 10.6.8 update also improves IPv6 and VPN support and adds enhancements to the Mac App Store to "prepare" the Mac for the upgrade to the new Lion operating system, OS X 10.7, expected in July.
"The Mac OS X v10.6.8 Update is recommended for all users running Mac OS X Snow Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac," Apple said.
The 2011-004 update includes all the Snow Leopard bug fixes as well as improvements in AirPort network security, fixes for the handling of maliciously crafted files in ColorSync, CoreGraphics and ATS (Apple Type Services), and a fix for a Windows ID flaw in the Samba file-sharing protocol. All of these vulnerabilities, if exploited, would have allowed the attacker to run arbitrary code on the targeted Mac.
Apple also addressed a serious vulnerability in OS X's certificate trust policy, which governs how the Mac handles digital certificates. The vulnerability could be exploited by an attacker already on the network to eavesdrop on and intercept user credentials and other sensitive data. The certificate trust policy flaw was identified and reported by two Google researchers.
The issue arose when an Extended Validation (EV) certificate did not include an address at which its status could be checked using OCSP (Online Certificate Status Protocol). Even if the option to verify all certificates against the CRL (certificate revocation list) was selected, the error-handling flaw meant the list would never be consulted, so revoked certificates were accepted as valid.
"This issue is mitigated as most EV certificates specify an OCSP URL," Apple said in its advisory.
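The revocation-check failure described above is a classic fail-open error path: the OCSP step errors out because the certificate names no responder, the error is swallowed, and the CRL step that the user enabled is never reached. The following added example (not Apple's code, and not taken from the advisory) models that decision logic on constructed certificate metadata. It shows the fail-open policy beside a fail-closed one that falls through to the CRL and rejects when no revocation source could be consulted at all; the rejection in that last case is a design choice of the example, not something the advisory states. The `CertInfo` and `RevocationSources` types, the serial numbers and the URLs are all constructed for illustration.

```python
"""Model of the EV-certificate revocation-check decision the article describes.

Constructed example: a certificate is reduced to the revocation-related fields a
client reads from it, and the "network" is a pair of sets naming which serials
each source reports as revoked. Nothing here talks to a real OCSP responder.
"""
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class CertInfo:
    """Revocation-relevant view of a certificate (constructed, simplified)."""
    serial: int
    is_ev: bool
    ocsp_url: Optional[str] = None   # AIA OCSP responder URL, if the cert carries one
    crl_url: Optional[str] = None    # CRL distribution point, if the cert carries one


@dataclass
class RevocationSources:
    """Stand-in for the network: serials each source would report as revoked."""
    ocsp_revoked: Set[int] = field(default_factory=set)
    crl_revoked: Set[int] = field(default_factory=set)


class RevocationCheckError(Exception):
    """Raised when a revocation source cannot be consulted at all."""


def query_ocsp(cert: CertInfo, sources: RevocationSources) -> bool:
    """Return True if OCSP reports the certificate revoked; error if no URL."""
    if cert.ocsp_url is None:
        raise RevocationCheckError("certificate carries no OCSP URL")
    return cert.serial in sources.ocsp_revoked


def query_crl(cert: CertInfo, sources: RevocationSources) -> bool:
    """Return True if the CRL lists the certificate; error if no distribution point."""
    if cert.crl_url is None:
        raise RevocationCheckError("certificate carries no CRL distribution point")
    return cert.serial in sources.crl_revoked


def accept_fail_open(cert: CertInfo, sources: RevocationSources, check_crl: bool = True) -> bool:
    """The behaviour the article describes for the pre-fix policy.

    An error while attempting OCSP ends the check; the CRL is never consulted,
    so check_crl is effectively ignored and the certificate is treated as valid.
    """
    try:
        return not query_ocsp(cert, sources)
    except RevocationCheckError:
        return True  # error swallowed: a revoked certificate passes


def accept_fail_closed(cert: CertInfo, sources: RevocationSources, check_crl: bool = True) -> bool:
    """Fail-closed policy: fall through to the CRL when OCSP is unusable.

    Reject on any positive revocation answer, and (design choice of this
    example) also reject when no source could be consulted at all.
    """
    queries = (query_ocsp, query_crl) if check_crl else (query_ocsp,)
    consulted = 0
    for query in queries:
        try:
            if query(cert, sources):
                return False  # a source says revoked
            consulted += 1
        except RevocationCheckError:
            continue  # this source is unavailable; try the next one
    return consulted > 0


def ev_without_ocsp(cert: CertInfo) -> bool:
    """Deployment check matching the mitigation the advisory names: flag EV
    certificates that do not specify an OCSP URL."""
    return cert.is_ev and cert.ocsp_url is None


if __name__ == "__main__":
    # Constructed scenario: an EV cert with only a CRL, and the CRL lists it as revoked.
    cert = CertInfo(serial=7, is_ev=True, crl_url="http://crl.example.test/ca.crl")
    net = RevocationSources(crl_revoked={7})
    print("fail-open accepts revoked cert:", accept_fail_open(cert, net, check_crl=True))
    print("fail-closed accepts revoked cert:", accept_fail_closed(cert, net, check_crl=True))
    print("EV cert missing OCSP URL:", ev_without_ocsp(cert))
```

Running the block shows the gap: with the CRL option enabled, the fail-open path still accepts serial 7 because the missing OCSP URL ends the check early, while the fail-closed path reaches the CRL and rejects it. The `ev_without_ocsp` check is the operational counterpart of Apple's mitigation note, useful for auditing certificates before deployment.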
Apple fixed five vulnerabilities in QuickTime, the default media player widely used on the Web. All the bugs could have been exploited by a remote attacker to run arbitrary code. Apple also addressed eight different remote code execution flaws in the MySQL implementation that ships with OS X Server, and five issues in Apple's OpenSSL implementation, some of which were also remote code execution bugs.
The way embedded TrueType fonts were handled in Apple Type Services could cause a heap-based buffer overflow when a document containing a maliciously crafted embedded font was viewed or downloaded, according to Apple's advisory. The flaw, which could be exploited by an attacker to execute arbitrary code, was reported by two researchers from the Red Hat Security Response Team.
An AirPort vulnerability in both desktop and server versions of Mac OS X 10.5.8 allowed attackers on the same Wi-Fi network to force the Mac into a system reset.