Microsoft released a bumper set of security fixes on Tuesday and today it was Apple’s turn with fixes for OS X, Safari and iOS. The update for OS X was to block the fraudulent SSL certificates stolen from Comodo (better late than never), Safari 5.0.5 fixes two vulnerabilities in WebKit and iOS has been updated to 4.3.2 to block the stolen Comodo certificates and to fix other vulnerabilities.
Security Update 2011-002 applies to Mac OS X v10.5.8 and Mac OS X v10.6.7 and does nothing other than blacklist the fraudulent Comodo certificates.
Safari has been updated to 5.0.5 for Mac OS X v10.5.8, Mac OS X v10.6.5 or later, Windows 7, Vista and XP. Two vulnerabilities have been fixed in WebKit:
- An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
- A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
iOS 4.3.2 fixed the same two flaws listed above (as Safari on the desktop shares a lot of the same code as the Safari that is built into iOS), blocked the Comodo certificates and fixed a vulnerability in libxslt and one in QuickLook:
- libxslt’s implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap, which may aid in bypassing address space layout randomization protection. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers.
- A memory corruption issue existed in QuickLook’s handling of Microsoft Office files. Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.
The latter problem is likely to be the one used by Charlie Miller at this year's Pwn2Own contest.
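The libxslt generate-id() fix described above, as an added example that is not Apple's or libxslt's own code: it contrasts an ID built from a heap address with an ID built from the difference between two heap addresses. The function names, the reference buffer `ref` and all addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-fix behaviour: the ID is the node's heap address printed in hex. */
static void leaky_id(uintptr_t node, char *out, size_t len) {
    snprintf(out, len, "id%" PRIxPTR, node);
}

/* Post-fix behaviour as the advisory describes it: the ID is the difference
 * between two heap addresses (the node and a reference buffer; "ref" is a
 * hypothetical name). The sign is encoded as 'p' or 'm'. */
static void offset_id(uintptr_t node, uintptr_t ref, char *out, size_t len) {
    if (node >= ref)
        snprintf(out, len, "idp%" PRIxPTR, node - ref);
    else
        snprintf(out, len, "idm%" PRIxPTR, ref - node);
}

/* What any reader of the generated ID learns from the pre-fix form. */
static uintptr_t address_from_leaky_id(const char *id) {
    return (uintptr_t)strtoull(id + 2, NULL, 16);
}

/* Returns 1 if one node gets the same ID under two different heap bases. */
static int stable_across_bases(uintptr_t b1, uintptr_t b2, int use_offset) {
    const uintptr_t node_off = 0x1240, ref_off = 0x200; /* constructed layout */
    char a[40], b[40];
    if (use_offset) {
        offset_id(b1 + node_off, b1 + ref_off, a, sizeof a);
        offset_id(b2 + node_off, b2 + ref_off, b, sizeof b);
    } else {
        leaky_id(b1 + node_off, a, sizeof a);
        leaky_id(b2 + node_off, b, sizeof b);
    }
    return strcmp(a, b) == 0;
}

int main(void) {
    char id[40];
    leaky_id((uintptr_t)0x08a01240u, id, sizeof id);   /* constructed address */
    printf("pre-fix  %s -> address 0x%" PRIxPTR "\n", id, address_from_leaky_id(id));
    offset_id((uintptr_t)0x08a01240u, (uintptr_t)0x08a00200u, id, sizeof id);
    printf("post-fix %s (same under any heap base: %d)\n", id,
           stable_across_bases(0x08a00000u, 0x09c40000u, 1));
    return 0;
}
```

The offset form still shows how far apart the two buffers are, but not the absolute addresses that ASLR randomizes.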