Apple releases an update for Mac OS X computers to plug nearly 60 security holes. Many of the vulnerabilities impact the latest version of Mac OS X, aka Snow Leopard.
Apple has pushed
out a massive patch
to address nearly 60 vulnerabilities affecting
Mac OS X.
The most serious of the flaws can
be exploited by a remote attacker to take over a vulnerable system. Most of the
vulnerabilities impact Snow Leopard
the latest version of Apple's operating system. The batch of fixes addresses
more than three times as many vulnerabilities as the update in August
, which fixed 18
Among the most serious of the bugs
is a memory corruption issue in DirectoryService that may allow a remote
attacker to trigger an application crash or execute arbitrary code. According
to Apple, the issue only affects systems configured as DirectoryService
Apple's CoreGraphics component has
multiple integer overflows tied to its handling of PDF files that can result in
a heap buffer overflow. Opening a malicious PDF file can lead to application
termination or arbitrary code execution, Apple warned, and the patch fixes the
situation by improving bounds checking.
Also fixed is an issue involving
Apple's Adaptive Firewall. In certain circumstances, the firewall may not
detect SSH login attempts using invalid user names, Apple states in an
advisory. The patch resolves the issue by improving detection of invalid SSH
Apple also removed support for
X.509 certificates with MD2 hashes for any use other than as trusted root
certificates, stating that they may expose users to spoofing and "information
disclosure as attacks improve."
"There are known cryptographic
weaknesses in the MD2 hash algorithm," the advisory states. "Further research
could allow the creation of X.509 certificates with attacker controlled values
that are trusted by the system. This could expose X.509 based protocols to
spoofing, man in the middle attacks, and information disclosure."
Several of the fixes address security
issues in QuickTime and open-source components such as Apache, OpenLDAP and
OpenSSH. According to Apple, there's an implementation issue in OpenLDAP's
handling of SSL certificates that have NUL
characters in the Common Name field.
"Using a maliciously crafted SSL certificate,
an attacker may be able to perform a man-in-the-middle attack on OpenLDAP
transactions which use SSL," according to Apple. "This update
addresses the issue through improved handling of SSL certificates."