Friday, September 18, 2009

In other Apple news ...

There's an OS X update available, filled (really filled, like maybe 26 of them) with security patches. This one smells important, because a combination of the vulnerabilities sounds perfect for distributing malware via browser:
Description: Multiple Vulnerabilities have been identified in Apple
Mac OS X in several of its components. Specially crafted input or
data handled by one of these components could trigger vulnerability,
leading to a variety of exploitable conditions. ...

(b) There is a memory corruption error in Resource Manager, in its handling of resource forks. ...

(e) There is an integer overflow error in Core Graphics, in the way it processes PDF files.

(f) There is a heap overflow error in CoreGraphics caused by drawing of long text strings. ...

(i) Multiple vulnerabilities have been identified in the Adobe Flash Player
plug-in. Some of these vulnerabilities might lead to remote code
execution. ...

(k) There is a design issue in Launch Services, which may cause an unsafe file to be opened automatically.

(l) There is a design issue in Launch Services as a result of which there is no warning displayed while attempting to open a downloaded content that's unsafe.

(m) There is an implementation issue in MySQL that might lead to escalation of privilege.

Yikes. I'd think that any Black Hat worth his salt would be able to craft a poisoned PDF or Flash (think YouTube) file that would silently download and run, and maybe escalate its privilege. Sound familiar?

So Mac users want to take a quick visit over to Apple for a heapin' helpin' of security. Srlsy.
