December 4, 2016

Apple Releases Security Updates for OS X

(LiveHacking.Com) – Apple has released security updates for Apple OS X Lion 10.7 and Mac OS X Snow Leopard 10.6 to fix multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions. The update is an amalgamation of recent security updates for several different components used by Apple (including Apache and PHP) along with fixes for Apple’s own code.

3rd Party

This release brings some of OS X’s third party components up to date including:

Apache: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the ’empty fragment’ countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default.

PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. However, it is worth noting that PHP 5.3.10 has since been released to fix the hash table collisions problem that affected all the popular Web programming languages (including PHP, ASP.NET, Ruby and Python).

SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems.

Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems.

X11: A memory corruption issue existed in FreeType’s handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7.

The update also revokes the trust for root certificates issued by DigiCert Malaysia. Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. Back in November it was discovered that DigiCert Malaysia had issued certificates with weak keys that it was unable to revoke.

Apple

Apple components that are updated include:

Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval.

CoreAudio: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of AAC encoded audio streams.

CoreMedia: A heap buffer overflow existed in CoreMedia’s handling of H.264 encoded movie files.

QuickTime has been updated to resolve several issues including:

  • Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution. An uninitialized memory access issue existed in the handling of MP4 encoded files.
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
  • Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of JPEG2000 files.
  • Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of PNG files.

Time Machine: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user’s system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks