Apple has fixed multiple security flaws in Mac
OS X that attackers could exploit to run malicious code on targeted
machines, trigger a denial of service or boost their user
privileges.
The Cupertino, Calif.-based vendor has detailed the flaws in
Apple security update 2007-005. They
include:
- An implementation error in the Alias Manager keeps the
operating system from showing identically named files contained in
identically named mounted disk images. Attackers could exploit the
issue to trick users into opening malicious programs.
- An integer-overflow error in CoreGraphics occurs when malformed
.pdf files are handled. An attacker could exploit the flaw to run
malicious code on a targeted system by tricking a user into opening
a malicious .pdf file.
- An error in crontabs occurs when the daily clean-up script is
launched. Attackers could exploit this to cause file systems
mounted in the "/tmp" directory to be deleted.
- Attackers could exploit a buffer-overflow error in the UPnP IGD
(Internet Gateway Device Standardised Device Control Protocol) code
used to create port mappings on home NAT gateways in iChat to run
malicious code by sending a specially crafted packet.
- Local attackers could exploit an implementation error in the
PPP daemon when loading plugins via the command line to obtain
system privileges.
- Attackers could exploit an error in the screen program to cause
a denial of service.