• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

OS X 10.6.4 and Security Update 2010-004 Fixes 28 Vulnerabilities

June 16, 2010 By The Editor

Summary:

  • These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
  • How an attacker exploits them: Multiple vectors of attack, including visiting malicious websites or downloading and viewing various malicious media files
  • Impact: Various results; in the worst case, an attacker executes code on your user’s computer, potentially gaining full control of it
  • What to do: OS X administrators should download, test and install Security Update 2010-004 or the 10.6.4 update as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes 28 (number based on CVE-IDs) security issues in 17 components that ship as part of OS X, including iChat, ImageIO, and Help Viewer. Some of these vulnerabilities allow attackers to gain full control of your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:

  • Multiple ImageIO Memory Corruption Vulnerabilities. ImageIO is an OS X component that helps the operating system handle various types of graphical media. It suffers from memory-related vulnerabilities involving the way it handles certain types of images (TIFF) and movies (MPEG 2 encoded). Though the vulnerabilities differ technically, they share a very similar scope and impact. If an attacker can get a victim to view a specially crafted picture or movie (perhaps hosted on a malicious website), he could exploit one of these flaws to either crash the viewing application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. However, the attacker could also leverage other flaws in Apple’s alert to gain complete control of your user’s Mac.
  • Network Authorization Code Execution Vulnerability. Network Authorization is an OS X component that handles authenticating users over a network. According to Apple, the Network Authorization component does not properly handle specially crafted URLs that begin with the afp:, cifs:, or smb: URI schemes. By enticing one of your users to a web site containing specially crafted links, an attacker could exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. Network Authorization also suffers from an elevation of privilege vulnerability that could allow a local  unprivileged user to gain complete system privileges on your Mac.
  • Multiple Kerberos Vulnerabilities. OS X’s kerberos component suffers from three different security vulnerabilities. The worst vulnerability has to do with a flaw in how kerberos handles specially crafted messages using AES or RC4 encryption. By sending a specially crafted, encrypted message to your kerberos KDC server, an unauthenticated attacker can exploit this vulnerability to execute code on your computer, gaining complete control of your Mac. Of course, you need to have a kerberos KDS server configured on one of your OS X computers to be vulnerable to this issue. The remaining two kerberos flaws include a second code execution vulnerability and a Denial of Service (DoS) issue.

Apple’s alert also describes many other vulnerabilities, including more Denial of Service (DoS) flaws, information disclosure issues, and Cross Site Scripting (XSS) vulnerabilities. Components patched by this security update include:

    CUPSDesktopServices
    Flash Player plug-inFolder Manager
    Help VieweriChat
    ImageIOKerberos
    libcurlNetwork Authorization
    Open DirectoryPrinter Setup
    PrintingRuby
    SMB File ServerSquirrelMail
    Wiki Server

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

Solution Path:

Apple has released OS X Security Update 2010-004 and OS X 10.6.4 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

  • Mac OS X v10.6.4 Update
  • Mac OS X v10.6.4 Update (Combo)
  • Mac OS X Server v10.6.4 Update
  • Mac OS X Server v10.6.4 Update (Combo)
  • Mac OS X v10.6.4 Update Mac mini (Mid 2010)
  • Mac OS X Server v10.6.4 Update Mac mini (Mid 2010)
  • Security Update 2010-004 (Leopard)
  • Security Update 2010-004 (Leopard Server)

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix this flaw.

References:

  • June 2010 OS X 10.5x and 10.6.x Security Update

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity’s Toll on Mental Health
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
  • Successfully Prosecuting a Russian Hacker
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use