Apple releases an update for Mac OS X computers to plug nearly 60 security holes. Many of the vulnerabilities impact the latest version of Mac OS X, aka Snow Leopard.

Apple has pushed out a massive patch to address nearly 60 vulnerabilities affecting Mac OS X.
The most serious of the flaws can
be exploited by a remote attacker to take over a vulnerable system. Most of the
vulnerabilities impact Snow Leopard,
the latest version of Apple’s operating system. The batch of fixes addresses
more than three times as many vulnerabilities as the update in August, which fixed 18
issues.
Among the most serious of the bugs
is a memory corruption issue in DirectoryService that may allow a remote
attacker to trigger an application crash or execute arbitrary code. According
to Apple, the issue only affects systems configured as DirectoryService
servers.
Apple’s CoreGraphics component has
multiple integer overflows tied to its handling of PDF files that can result in
a heap buffer overflow. Opening a malicious PDF file can lead to application
termination or arbitrary code execution, Apple warned, and the patch fixes the
situation by improving bounds checking.
Also fixed is an issue involving
Apple’s Adaptive Firewall. In certain circumstances, the firewall may not
detect SSH login attempts using invalid user names, Apple states in an
advisory. The patch resolves the issue by improving detection of invalid SSH
login attempts.
Apple also removed support for
X.509 certificates with MD2 hashes for any use other than as trusted root
certificates, stating that they may expose users to spoofing and “information
disclosure as attacks improve.”
“There are known cryptographic
weaknesses in the MD2 hash algorithm,” the advisory states. “Further research
could allow the creation of X.509 certificates with attacker controlled values
that are trusted by the system. This could expose X.509 based protocols to
spoofing, man in the middle attacks, and information disclosure.”
Several of the fixes address security
issues in QuickTime and open-source components such as Apache, OpenLDAP and
OpenSSH. According to Apple, there's an implementation issue in OpenLDAP’s
handling of SSL certificates that have NUL
characters in the Common Name field.
“Using a maliciously crafted SSL certificate,
an attacker may be able to perform a man-in-the-middle attack on OpenLDAP
transactions which use SSL,” according to Apple. “This update
addresses the issue through improved handling of SSL certificates.”
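
The class of problem behind NUL characters in a Common Name, as an added example that is not Apple's or OpenLDAP's code: it assumes the usual failure mode, where a length-prefixed certificate name is compared as a C string and the comparison stops at the first NUL. The host names, function names and sample bytes are constructed for illustration, and both names are assumed to be lowercased already.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a Common Name as a certificate carries it, i.e. a byte
   string with an explicit length that happens to contain an embedded NUL. */
static const unsigned char SAMPLE_CN[] = "ldap.example.com\0.other.invalid";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Naive check: treats the CN as a C string, so everything after the first
   NUL is silently ignored and the name appears to match the expected host. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                       /* the encoded length is never consulted */
    return strcmp((const char *)cn, host) == 0;
}

/* Stricter check: uses the encoded length and refuses any embedded NUL. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                       /* malformed name: reject outright */
    if (cn_len != strlen(host))
        return 0;                       /* lengths must agree before comparing */
    return memcmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "ldap.example.com";   /* host the client meant to reach */

    printf("naive,  crafted CN: %d\n",
           cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict, crafted CN: %d\n",
           cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict, clean CN  : %d\n",
           cn_matches_strict((const unsigned char *)host, strlen(host), host));
    return 0;
}
```
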