Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningCommunityBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory: SA30802
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2008-07-01
Popularity: 4,707 views

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:Apple Macintosh OS X
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-3164
CVE-2007-1355
CVE-2007-2449
CVE-2007-2450
CVE-2007-3382
CVE-2007-3383
CVE-2007-3385
CVE-2007-5333
CVE-2007-5461
CVE-2008-0960
CVE-2008-1105
CVE-2008-1145
CVE-2008-2308
CVE-2008-2309
CVE-2008-2310
CVE-2008-2311
CVE-2008-2313
CVE-2008-2314
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness.

1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code.

2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files.

3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application.

4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Exposé hot corners are set.

5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site.

Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari.

6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets.

For more information:
SA30574

7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

For more information:
SA29232
SA29794

NOTE: Reportedly, the directory traversal issue does not affect Mac OS X.

8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA30228

9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory.

10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.

For more information:
SA25678
SA26466
SA27398
SA28878

11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system.

For more information see vulnerability #3 in:
SA30775

Solution:
Update to Mac OS X 10.5.4. or apply Security Update 2008-004.

Security Update 2008-004 (PPC):
http://www.apple.com/support/downloads/securityupdate2008004ppc.html

Security Update 2008-004 (Intel):
http://www.apple.com/support/downloads/securityupdate2008004intel.html

Security Update 2008-004 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008004serverppc.html

Security Update 2008-004 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008004serverintel.html

Mac OS X 10.5.4 Combo Update:
http://www.apple.com/support/downloads/macosx1054comboupdate.html

Mac OS X 10.5.4 Update:
http://www.apple.com/support/downloads/macosx1054update.html

Mac OS X Server 10.5.4:
http://www.apple.com/support/downloads/macosxserver1054.html

Mac OS X Server Combo 10.5.4:
http://www.apple.com/support/downloads/macosxservercombo1054.html

Provided and/or discovered by:
The vendor credits:
2) Brian Mastenbrook
4) Andrew Cassell, Marine Spill Response Corporation
8) Alin Rad Pop, Secunia Research
9) Andrew Mortensen, University of Michigan
11) James Urquhart

Original Advisory:
Apple:
http://support.apple.com/kb/HT2163

Other References:
SA25678:
http://secunia.com/advisories/25678/

SA26466:
http://secunia.com/advisories/26466/

SA27398:
http://secunia.com/advisories/27398/

SA28878:
http://secunia.com/advisories/28878/

SA29232:
http://secunia.com/advisories/29232/

SA29794:
http://secunia.com/advisories/29794/

SA30228:
http://secunia.com/advisories/30228/

SA30574:
http://secunia.com/advisories/30574/

SA30775:
http://secunia.com/advisories/30775/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 20
New vulnerabilities: 81
Updated advisories: 34

Less // 148 views
Novell Netware ApacheAdmin Console Security Bypass
Moderately // 124 views
Webboard Street SQL Injection and Information Disclosure
Moderately // 146 views
Null FTP Server "SITE" Parameters Command Injection Vulnerability
Moderately // 121 views
User Engine Lite ASP Database Disclosure
Moderately // 134 views
Merlix Template Creature "mcatid" SQL Injection Vulnerability
Highly // 158 views
CcTiddly Multiple File Inclusion Vulnerabilities
Not // 235 views
Tor Two Weaknesses
Moderately // 175 views
Tribiq CMS "cID" SQL Injection Vulnerability
Highly // 181 views
Gravity GTD File Inclusion and PHP Code Injection
Highly // 309 views
Trillian Multiple Vulnerabilities

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 353 views
2. Novell Netware ApacheAdmin Console Security Bypass // 129 views
3. Adobe Flash Player Multiple Security Issues and Vulnerabilities // 126 views
4. Webboard Street SQL Injection and Information Disclosure // 93 views
5. Trillian Multiple Vulnerabilities // 66 views
6. Null FTP Server "SITE" Parameters Command Injection Vulnerability // 61 views
7. Tor Two Weaknesses // 57 views
8. User Engine Lite ASP Database Disclosure // 44 views
9. Adobe Acrobat/Reader Multiple Vulnerabilities // 41 views
10. Apple QuickTime Multiple Vulnerabilities // 41 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008