
SANS ISC: Apple Security updates released - Internet Security | DShield SANS ISC InfoSec Forums


Apple Security updates released

Apple released a security update today for users of Mac OS X v10.3.9 and v10.4.8 (including OS X Server):

  • Mounting a maliciously crafted disk image could lead to a crash or arbitrary code execution (CVE-2007-0197)
  • Attackers on the local network can cause iChat to crash. A proof of concept was published in January (CVE-2007-0614 and CVE-2007-0710)
  • By using iChat AIM to visit a maliciously crafted URL, an attacker could trigger an overflow, leading to a crash of the application or arbitrary code execution.
  • The UserNotificationCenter runs with elevated privileges in a local user context. This update forces the application to drop its group privileges shortly after starting. While this does not fix a directly exploitable vulnerability in itself, it fortifies the overall security posture of the application.

Security Update 2007-002, which contains these fixes, can be downloaded at Apple Downloads. Also have a look at these Java and DST updates.

 

Maarten

