News

Apple fixes 25 Mac OS X flaws

Attackers could exploit about two dozen flaws in Mac OS X to cause a denial of service, bypass security restrictions, disclose sensitive data and run malicious code.

By
  • SearchSecurity.com Staff
Published: 24 Apr 2007 11:30
Apple has released a mega-fix for Mac OS X, sealing about two dozen security holes attackers could exploit to cause a denial of service, bypass security restrictions, disclose sensitive data and run malicious code on targeted machines.

The 25 flaws include the following:

  • An error in the AFP Client that executes commands without properly cleaning the environment. Local attackers could exploit this to create malicious files or execute arbitrary commands with system privileges.

  • A buffer overflow error in the AirPortDriver module that surfaces when malformed control commands are processed. Attackers could exploit this to run malicious code with elevated privileges on eMac, iBook, iMac, PowerBook G3, PowerBook G4, or Power Mac G4 systems equipped with an original AirPort card.

  • An error in the CoreServices interprocess communication local users could exploit to obtain a send right to the Mach task port and execute arbitrary code with elevated privileges.

  • An error in Libinfo that does not properly report errors to applications. Malicious Web sites could exploit this to run malicious code.

  • An integer overflow error in the RPC library that surfaces when the operating system processes malformed requests sent to the portmap service. Attackers could exploit this to cause a denial of service or run malicious code with "daemon" privileges.

  • An error in the software update window that may appear beneath the login window when a scheduled task is run under certain conditions. Attackers could exploit this to log in without authentication if they have physical access to the system.

  • A design error where the username and password used to mount remote filesystems through connections to SMB servers are passed to the "mount_smb" command as command line arguments, which could be exploited by a local attacker to obtain other user's authentication credentials.

    • Read more on IT risk management