Wondering where the Mac fanboys are?

http://www.eweek.com/article2/0,1895,2064969,00.asp

Change the words Apple to Microsoft and words like OSX to XP and it reads like a Microsoft patch, no? I like the Mac OS, just a wee reminder that it is as vulnerable as ANY operating system.


Apple Computer has shipped a monster security update to correct a total of 22 vulnerabilities in its Mac OS X operating system.

The Cupertino, Calif, company's patch batch includes a fix for a critical Wi-Fi flaw affecting eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems.

ADVERTISEMENT The Wi-Fi flaw, first exposed at the beginning of the Month of Kernel Bugs project, was discovered and reported by Metasploit's HD Moore.

Apple confirmed that the issue is a heap buffer overflow that exists in the AirPort wireless driver's handling of probe response frames.

"An attacker in local proximity may be able to trigger the overflow by sending maliciously crafted information elements in probe responses," the company said in its advisory. The flaw does not affect systems with the AirPort Extreme card.

Click here to read more about the original warning about the Apple Wi-Fi vulnerability.

Four vulnerabilities in the ATS (Apple Type Services) server were also covered, the most serious being a stack buffer overflow in font processing that could cause code execution attacks.

"By carefully crafting a corrupt font file, an attacker can trigger the buffer overflow which may lead to a crash or arbitrary code execution with system privileges," the company warned, nothing that font files are processed when opened or previewed in Finder.

Building an Integrated IT Security Strategy for 2007: eSeminars invites you to join this virtual tradeshow on November 30, and learn how to reduce security costs and mitigate the risks associated with users and their access rights across your entire organization. Click here for more.

A separate code execution bug in Finder was also fixed. Apple said the vulnerability could lead to a Mac OS X hijack even if the target user is simply browsing a shared directory.

"By enticing a user to browse a directory containing a maliciously crafted '.DS_Store' file, an attacker may be able to trigger the overflow. This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder," the advisory said.

The update provides fixes for four Security Framework flaws, a bug in WebKit, a ClamAV vulnerability and a bug in CFNetwork.

It also covers a hole in FTPd that occurs when FTP access is enabled; a GNUzip bug that occurs when files are uncompressed; an Installer vulnerability that could lead to privilege escalation attacks; and multiple holes in OpenSSL, PHP, Perl, PPP (Point-to-Point Protocol), Samba and VPN.

 

http://www.securityfocus.com/brief/366

IAdware Trojan aims for Macs

Online fraudsters may be ready to put Mac users in their sights.

On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights.

"We won't disclose the exact technique used here--it's a feature not a bug--but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires Copy permissions."

Vulnerability researchers have increasingly focused on finding flaws in the Mac OS. During the month of November, two serious flaws in Apple's operating system were disclosed as part of the Month of Kernel Bugs (MoKB) project. Researchers and attackers have also focused more on turning vulnerabilities into exploit code, according to a recent report published by Symantec, the owner of SecurityFocus.

The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.