
treblah

macrumors 65816
Oct 28, 2003
1,285
0
29680
No problems on my Rev.A 2.0 MBP.

Boot took a little longer than normal, but that's consistent with every other 4.x and security update.
 

Pythagoras1

macrumors newbie
Nov 28, 2006
5
0
Nice to see Apple crediting the people who reported the vulnerabilities in the Tech note. I don't remember them doing that before, though I may be wrong.

And thanks to those guys for taking the time to report them
 

iJawn108

macrumors 65816
Apr 15, 2006
1,198
0
I'm also on a Core Duo MacBook; it worked just fine for me. It didn't even do that double reboot thing this time :confused:

But all seems well so far, no terrifying sounds either.

Now, on my Windows machine, MP11 I am completely disappointed with; whatever codec they are using now sounds really... oh, let's say mucky? Sure, I'll go with that.
 

treblah

macrumors 65816
Oct 28, 2003
1,285
0
29680
Nice to see Apple crediting the people who reported the vulnerabilities in the Tech note. I don't remember them doing that before, though I may be wrong.

And thanks to those guys for taking the time to report them

They have been giving credit for as long as I can remember. I agree, it is a nice gesture.
 

timmillwood

macrumors 6502a
Apr 7, 2006
955
1
If there is a flaw found in Windows, Microsoft offers an update a year later ("Service Pack 1,000,000"); when Mac OS X has a flaw, Apple fixes it within a week.
 

Nuks

macrumors 6502a
Feb 25, 2006
504
0
Hmm, I turned AirPort off, then on; that didn't do anything. I then restarted the computer and tried to download it again, but got the same error message...
 

iMeowbot

macrumors G3
Aug 30, 2003
8,634
0
Hmm, I turned AirPort off, then on; that didn't do anything. I then restarted the computer and tried to download it again, but got the same error message...
It could be a problem somewhere else on the network too. Have you tried a direct download to bypass the Software Update servers?
 

bousozoku

Moderator emeritus
Jun 25, 2002
15,764
1,932
Lard
Hopefully these don't force me to validate my copy of OSX...:eek:

I paid for my XP you MS-mother%&$&*(!!!!!!!!!

Didn't you pay for your copy of Mac OS X, directly or indirectly?

Anyway, those are a lot of changes. Hopefully, they'll get to the others made public recently soon.
 

Doctor Q

Administrator
Staff member
Sep 19, 2002
39,815
7,585
Los Angeles
Security Update 2006-007: Details

AirPort - Attackers on the wireless network may cause arbitrary code execution
A heap buffer overflow exists in the AirPort wireless driver's handling of probe response frames. An attacker in local proximity may be able to trigger the overflow by sending maliciously-crafted information elements in probe responses. This issue affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems equipped with an original AirPort card. This issue does not affect systems with the AirPort Extreme card. This update addresses the issue by performing additional validation of probe response frames.

ATS - Local users may be able to overwrite or create files with system privileges
The Apple Type Services server insecurely creates error log files. As a result, a malicious local user may be able to overwrite or create files with system privileges. This update addresses the issue by creating error logs securely.

ATS - Local users may be able to run arbitrary code with raised privileges
Multiple buffer overflows were discovered in Apple Type Services server. By sending a maliciously-crafted service request, a local user may trigger these overflows. This may lead to a crash or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation on service requests. This issue does not affect systems prior to Mac OS X v10.4.

ATS - Viewing maliciously-crafted font files may lead to arbitrary code execution
The Apple Type Services server contains a stack buffer overflow in font processing. By carefully crafting a corrupt font file, an attacker can trigger the buffer overflow which may lead to a crash or arbitrary code execution with system privileges. Font files are processed when opened or previewed in Finder. This update addresses the issue by performing additional validation of font files.

CFNetwork - Visiting FTP URIs may inject arbitrary FTP commands
By enticing a user to access a maliciously-crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands to any accessible FTP server, using the credentials of the victim. This issue may also facilitate attacks of other line oriented protocols, such as SMTP. This update addresses the issue by performing additional validation of URIs.

ClamAV - Processing maliciously-crafted email messages with ClamAV may lead to arbitrary code execution
ClamAV is updated to version 0.88.5 to address several security issues. ClamAV was introduced in Mac OS X Server v10.4 for email scanning. The most severe of these issues could lead to arbitrary code execution with the privileges of ClamAV. Further information is available on the ClamAV project web site (http://www.clamav.net).

Finder - Browsing a shared directory may lead to an application crash or arbitrary code execution
A heap buffer overflow may be triggered when the Finder is used to browse a directory containing a corrupt ".DS_Store" file. By enticing a user to browse a directory containing a maliciously-crafted ".DS_Store" file, an attacker may be able to trigger the overflow. This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder. ".DS_Store" files may be included in archives, on disk images, and on network file systems. This update addresses the issue by performing additional validation of ".DS_Store" files.

ftpd - When FTP Access is enabled, unauthorized users may determine account name validity
When attempting to authenticate a valid user, the FTP server may crash during a failed login attempt. The crash does not occur when attempting to authenticate unknown users. This behavior can be used to determine if an account name is valid. This issue is addressed by resolving the crash condition. FTP Access is not enabled by default. Mac OS X Server v10.3.9, Mac OS X v10.4, Mac OS X Server v10.4, and later systems are not affected.

gnuzip - Uncompressing a file with gunzip may lead to an application crash or arbitrary code execution
By carefully crafting a malicious compressed file, an attacker may be able to trigger any of several vulnerabilities in gunzip when the file is processed. The most severe of these issues could lead to an application crash or arbitrary code execution. Many applications use the gunzip command for decompression, including command-line tools such as tar and services such as Mail Server. This update addresses the issue by performing additional validation of compressed files.

Installer - When installing software as an Admin user, system privileges may be used without explicit authorization
Admin users are normally required to authenticate before executing commands with system privileges. However, the Installer allows system privileges to be used by Admin users when installing certain packages without requiring authentication. This update addresses the issue by requiring authentication before installing software with system privileges.

OpenSSL - Multiple vulnerabilities in OpenSSL
OpenSSL is updated to version 0.9.7l to address several critical vulnerabilities. The most severe of these vulnerabilities may lead to impersonation of services using SSL or TLS, or to arbitrary code execution. Further information is available via OpenSSL advisories at http://www.openssl.org/news/vulnerabilities.html.

perl - Perl applications with unsafe string handling may be vulnerable to arbitrary code execution
An integer overflow exists in Perl's format string functionality. This integer overflow may lead to arbitrary code execution in Perl applications which use format strings unsafely. This update addresses the issue by performing additional validation of uses of format strings.

PHP - PHP applications may be vulnerable to denial of service or arbitrary code execution
PHP is updated to version 4.4.4 to address several security issues in the Apache module and scripting environment. Applications using affected APIs may be vulnerable. The most severe of the vulnerabilities may lead to arbitrary code execution. Further information is available on the PHP project web site (http://www.php.net).

PHP - PHP applications may be vulnerable to arbitrary code execution
Buffer overflows exist in the htmlentities() and htmlspecialchars() functions. These buffer overflows may lead to arbitrary code execution in applications using the affected APIs. This update addresses the issue by performing additional validation of input to the affected APIs.

PPP - Using PPPoE on an untrusted local network may lead to arbitrary code execution
When PPPoE is enabled, an attacker on the local network may be able to trigger a buffer overflow. This could lead to a system crash or arbitrary code execution with system privileges. This update addresses the issue by performing better validation on PPPoE traffic. PPPoE is not enabled by default.

Samba - When Windows Sharing is enabled, remote attackers may cause a denial of service
The list of active connections tracked by Windows Sharing may grow unbounded. An attacker may be able to create many connections, leading to memory exhaustion and a denial of service. This update addresses the issue by limiting the number of active connections. Windows Sharing is not enabled by default.

Security Framework - Secure Transport may not negotiate the best cipher available
Secure Transport provides the ability to encrypt and authenticate data using several ciphers. When a connection is made, the best mutually-supported cipher should be used. Due to the order they are evaluated, it is possible for Secure Transport to use a cipher that provides no encryption or authentication when better ciphers are available. This update addresses the issue by giving priority to better ciphers. Applications using Secure Transport through CFNetwork, such as Safari, are not affected by this issue on systems with Security Update 2006-006 or later. This issue does not affect systems using Mac OS X v10.4.8 and later.

Security Framework - Processing X.509 certificates may lead to a denial of service
It is possible to create an X.509 certificate containing a public key that could consume a significant amount of system resources during signature verification. An attacker may cause a system to process such a certificate, leading to a denial of service. This issue does not affect systems prior to Mac OS X v10.4.

Security Framework - When using an HTTP proxy, certificate revocation lists cannot be retrieved
On systems that are configured to use an HTTP proxy, the Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists. This update addresses this issue by using the system proxy settings in ocspd. This issue does not affect systems prior to Mac OS X v10.4.

Security Framework - Certain revoked certificates may be erroneously honored
The revocation list from an issuing authority may not be consulted for certain leaf certificates. This update addresses the issue through improved handling of the certificate revocation list. This issue does not affect Mac OS X v10.4.7 and later systems.

VPN - Malicious local users may gain system privileges
Under certain circumstances, the VPN server may execute commands without properly cleaning the environment. This may allow a malicious local user to create files or execute commands with system privileges. This update addresses the issue by ignoring the user's environment when executing commands.

WebKit - Visiting a malicious web site may lead to arbitrary code execution
A maliciously-crafted HTML document could cause a previously deallocated object to be accessed. This may lead to an application crash or arbitrary code execution. This update addresses the issue by properly handling such documents.
 
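The AirPort entry above describes a heap overflow in the handling of information elements (IEs) inside probe response frames. The parser below is an added example written for this thread, not Apple's driver code, showing the bounds checks such a parser needs: the 2-byte IE header must lie inside the frame, the declared length must not run past the end of the frame, and anything copied into a fixed-size field must fit it. The frame bodies are constructed for the example, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID        0      /* 802.11 element ID for the SSID        */
#define MAX_SSID_LEN   32     /* the standard's maximum SSID length    */

struct probe_info {
    uint8_t ssid[MAX_SSID_LEN + 1];   /* NUL-terminated copy of the SSID */
    size_t  ssid_len;
    int     ie_count;
};

/* Walk the information elements of a probe response body.
 * Each element is [ID:1][LEN:1][DATA:LEN]; every byte is chosen by the
 * sender. Returns 0 on success, -1 on any malformed element, in which
 * case the caller drops the frame. */
int parse_probe_ies(const uint8_t *body, size_t body_len, struct probe_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);

    while (off < body_len) {
        if (body_len - off < 2)
            return -1;                        /* truncated header */
        uint8_t id  = body[off];
        uint8_t len = body[off + 1];
        const uint8_t *data = body + off + 2;
        if (len > body_len - off - 2)
            return -1;                        /* LEN claims bytes the frame lacks */

        if (id == IE_SSID) {
            /* An unchecked memcpy(out->ssid, data, len) here, with len up
             * to 255 and a 32-byte destination, is the bug class the
             * advisory describes. Refuse anything that does not fit. */
            if (len > MAX_SSID_LEN)
                return -1;
            memcpy(out->ssid, data, len);
            out->ssid[len] = '\0';
            out->ssid_len = len;
        }
        out->ie_count++;
        off += 2 + (size_t)len;
    }
    return 0;
}

/* Constructed frame bodies for the example (not real captures). */
static const uint8_t good_body[] = {
    0x00, 0x04, 'H', 'o', 'm', 'e',           /* SSID "Home"               */
    0x01, 0x02, 0x82, 0x84,                   /* Supported rates 1, 2 Mb/s */
};
/* SSID element whose LEN (200) exceeds the 4 data bytes actually present. */
static const uint8_t truncated_body[] = { 0x00, 0xC8, 'A', 'B', 'C', 'D' };

/* Returns 1 when the benign frame parses to two elements with SSID "Home". */
int demo_good_checks(void)
{
    struct probe_info p;
    if (parse_probe_ies(good_body, sizeof good_body, &p) != 0)
        return 0;
    return p.ie_count == 2 && p.ssid_len == 4
        && strcmp((const char *)p.ssid, "Home") == 0;
}

int demo_truncated(void)
{
    struct probe_info p;
    return parse_probe_ies(truncated_body, sizeof truncated_body, &p);   /* -1 */
}

/* SSID element consistent with the frame length but carrying 40 bytes,
 * more than the 32-byte field it would be copied into. */
int demo_oversized(void)
{
    struct probe_info p;
    uint8_t body[2 + 40];
    body[0] = IE_SSID;
    body[1] = 40;
    memset(body + 2, 'A', 40);
    return parse_probe_ies(body, sizeof body, &p);                        /* -1 */
}

int main(void)
{
    printf("benign frame ok: %d\n", demo_good_checks());
    printf("truncated IE:    %d\n", demo_truncated());
    printf("oversized SSID:  %d\n", demo_oversized());
    return 0;
}
```

The two failing inputs are different defects: the truncated one would make an unchecked parser read past the end of the received frame, the oversized one would make it write past the end of the SSID field. Both checks are needed.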
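The first ATS entry (insecure creation of error log files by a privileged server) is the classic symlink race. As an added example, not Apple's code, the C below shows the vulnerable open() beside the hardened one, then re-enacts the attack in a throwaway temporary directory so the difference is observable. The paths and file contents are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern: a privileged server opens a log at a predictable path
 * in a directory other users can write to. If a local user plants a
 * symlink there first, the kernel follows it and the privileged process
 * creates, truncates or appends to whatever the link points at. */
int open_log_insecure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Hardened: O_EXCL fails if anything already exists at the path (a symlink
 * counts, even a dangling one), O_NOFOLLOW refuses to traverse a symlink
 * as the final path component, and mode 0600 keeps the log private.
 * fstat() on the descriptor we actually got confirms it is a regular file. */
int open_log_secure(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_APPEND, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Re-enacts the race in a private mkdtemp() directory: "victim" stands in
 * for a file root would not want written to, and the attacker's symlink
 * sits where the log is expected. Returns 1 if the secure open refused
 * (errno EEXIST) while the insecure open followed the link and modified
 * the victim; 0 otherwise. */
int simulate_symlink_attack(void)
{
    char dir[] = "/tmp/atslogXXXXXX";
    char victim[300], logpath[300];
    struct stat st;
    int v, fd, bad, refused = 0, victim_modified = 0, result = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logpath, sizeof logpath, "%s/ATS.log", dir);

    v = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (v < 0)
        goto cleanup;
    if (write(v, "secret", 6) != 6) {
        close(v);
        goto cleanup;
    }
    close(v);

    if (symlink(victim, logpath) != 0)        /* the attacker's move */
        goto cleanup;

    fd = open_log_secure(logpath);            /* hardened server's move */
    refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0)
        close(fd);

    bad = open_log_insecure(logpath);         /* vulnerable server's move */
    if (bad >= 0) {
        if (write(bad, "ATS error\n", 10) < 0)
            result = 0;
        close(bad);
    }

    victim_modified = (stat(victim, &st) == 0 && st.st_size > 6);
    result = refused && victim_modified;

cleanup:
    unlink(logpath);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("secure open refused the symlink, insecure open followed it: %s\n",
           simulate_symlink_attack() ? "yes" : "no");
    return 0;
}
```

Even with O_EXCL and O_NOFOLLOW, a log kept in a world-writable directory is still exposed to the attacker pre-creating a regular file at that name (a denial of service on logging); the full fix is to keep privileged logs in a directory only the privileged user can write to.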
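The CFNetwork entry is an injection into a line-oriented protocol: an FTP URI whose path decodes to bytes containing CR LF ends the client's command early, and whatever follows is parsed by the server as a second command on the victim's authenticated control connection. The code below is an added example, not Apple's CFNetwork code: a percent-decoder, a vulnerable command builder, and a hardened one that refuses line terminators after decoding. The URI paths are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode a URI path into out (NUL-terminated). Returns the number
 * of decoded bytes, or -1 on a malformed escape or if out is too small.
 * The length is returned explicitly because %00 decodes to a NUL byte,
 * which strlen() on the result would silently hide. */
int percent_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0)
                return -1;
            c = (hi << 4) | lo;
            i += 2;
        }
        if (o + 1 >= outlen)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Vulnerable builder: decodes the path and drops it straight into the
 * command line. A path that decodes to "...\r\nDELE x" yields two lines,
 * and the server executes both with the victim's credentials. */
int build_cwd_vulnerable(const char *uri_path, char *cmd, size_t cmdlen)
{
    char decoded[256];
    if (percent_decode(uri_path, decoded, sizeof decoded) < 0)
        return -1;
    int n = snprintf(cmd, cmdlen, "CWD %s\r\n", decoded);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* Hardened builder: after decoding, refuse any byte a line-oriented
 * protocol parser treats as a terminator, and any NUL. The same check
 * protects other line-oriented protocols the advisory mentions, such as SMTP. */
int build_cwd_safe(const char *uri_path, char *cmd, size_t cmdlen)
{
    char decoded[256];
    int len = percent_decode(uri_path, decoded, sizeof decoded);
    if (len < 0)
        return -1;
    for (int i = 0; i < len; i++) {
        unsigned char c = (unsigned char)decoded[i];
        if (c == '\r' || c == '\n' || c == '\0')
            return -1;
    }
    int n = snprintf(cmd, cmdlen, "CWD %s\r\n", decoded);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* How many commands an FTP server would read from this buffer: one per CR LF. */
int count_commands(const char *cmd)
{
    int n = 0;
    for (const char *p = cmd; (p = strstr(p, "\r\n")) != NULL; p += 2)
        n++;
    return n;
}

/* Constructed URI paths for the example. */
static const char *const benign_path  = "pub/incoming";
static const char *const hostile_path = "pub%0d%0aDELE%20backup.tar";

int demo_vulnerable_command_count(void)
{
    char cmd[512];
    if (build_cwd_vulnerable(hostile_path, cmd, sizeof cmd) != 0)
        return -1;
    return count_commands(cmd);       /* 2: "CWD pub" then "DELE backup.tar" */
}

int demo_safe_rejects_hostile(void)
{
    char cmd[512];
    return build_cwd_safe(hostile_path, cmd, sizeof cmd);   /* -1 */
}

int demo_safe_accepts_benign(void)
{
    char cmd[512];
    if (build_cwd_safe(benign_path, cmd, sizeof cmd) != 0)
        return 0;
    return strcmp(cmd, "CWD pub/incoming\r\n") == 0;        /* 1 */
}
```

The check has to run on the decoded bytes, not the raw URI: "%0d%0a" contains no CR or LF until it is decoded, which is exactly where a check placed too early misses it.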
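The Secure Transport entry is a negotiation-order bug: a suite that provides no encryption or authentication gets chosen because of the order candidates are evaluated, not because it is the best mutual option. The C below is an added example for this thread, not Secure Transport's code; the suite names and ranks are illustrative and the preference lists are constructed. It shows a selection that follows the peer's list order beside one that ranks the mutual suites.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct suite { const char *name; int rank; };

/* Suites ranked for this example; higher is stronger and 0 marks a suite
 * that provides no encryption or no authentication. Illustrative names. */
static const struct suite known[] = {
    { "NULL-MD5",    0 },
    { "NULL-SHA",    0 },
    { "EXP-RC4-MD5", 1 },
    { "RC4-SHA",     2 },
    { "3DES-SHA",    3 },
    { "AES128-SHA",  4 },
    { "AES256-SHA",  5 },
};

static int rank_of(const char *name)
{
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(known[i].name, name) == 0)
            return known[i].rank;
    return -1;                            /* unknown suite: never selectable */
}

static int in_list(const char *name, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return 1;
    return 0;
}

/* Flawed negotiation: walk the peer's list in the peer's order and accept
 * the first suite we also support. The outcome is decided by list order,
 * so a list that happens to start with NULL-SHA wins although both sides
 * support AES. */
const char *pick_first_mutual(const char *const *ours, size_t n_ours,
                              const char *const *theirs, size_t n_theirs)
{
    for (size_t i = 0; i < n_theirs; i++)
        if (in_list(theirs[i], ours, n_ours))
            return theirs[i];
    return NULL;
}

/* Fixed negotiation: consider every mutually supported suite and take the
 * highest-ranked one. As a stricter choice added here, a rank-0 suite is
 * never returned even when it is the only overlap: no connection is
 * better than an unauthenticated or unencrypted one. */
const char *pick_strongest_mutual(const char *const *ours, size_t n_ours,
                                  const char *const *theirs, size_t n_theirs)
{
    const char *best = NULL;
    int best_rank = 0;
    for (size_t i = 0; i < n_theirs; i++) {
        if (!in_list(theirs[i], ours, n_ours))
            continue;
        int r = rank_of(theirs[i]);
        if (r > best_rank) {
            best_rank = r;
            best = theirs[i];
        }
    }
    return best;
}

/* Constructed preference lists for the example. */
static const char *const our_list[]       = { "AES256-SHA", "AES128-SHA", "3DES-SHA", "NULL-SHA" };
static const char *const peer_list[]      = { "NULL-SHA", "AES128-SHA", "AES256-SHA" };
static const char *const peer_null_only[] = { "NULL-SHA", "NULL-MD5" };

#define COUNT(a) (sizeof (a) / sizeof (a)[0])

const char *demo_flawed_choice(void)
{
    return pick_first_mutual(our_list, COUNT(our_list), peer_list, COUNT(peer_list));          /* "NULL-SHA" */
}

const char *demo_fixed_choice(void)
{
    return pick_strongest_mutual(our_list, COUNT(our_list), peer_list, COUNT(peer_list));      /* "AES256-SHA" */
}

const char *demo_fixed_null_only(void)
{
    return pick_strongest_mutual(our_list, COUNT(our_list), peer_null_only, COUNT(peer_null_only)); /* NULL */
}

int main(void)
{
    printf("first mutual in peer order: %s\n", demo_flawed_choice());
    printf("strongest mutual:           %s\n", demo_fixed_choice());
    printf("only NULL suites offered:   %s\n", demo_fixed_null_only() ? demo_fixed_null_only() : "(refused)");
    return 0;
}
```

The practitioner's check here is simply to never let the peer's ordering decide: rank on your own side, and treat "no cipher" suites as unsupported rather than as the lowest-priority fallback.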

ChickenSwartz

macrumors 6502a
Jul 27, 2006
903
0
When I hit "OK" after entering my password there was the blinds effect and I was told my computer needed to be restarted. So I did. Now Firefox has a different font. Weird. Trying again...

...OK worked that time.
 

Mac_Freak

macrumors 6502a
Apr 22, 2005
713
0
More updates GOOD, more security GOOD, keep up the good job, Apple


so much for my 38 day uptime :D

It feels good to be back at MacRumors, hey guys.
 

scott523

macrumors 6502a
Sep 8, 2006
870
128
Saint Charles, MO
This is the first security update as a Mac user. I had a choppy but expected restart. The restart lasted almost 2 minutes instead of the regular restart of 30 seconds upon hitting the confirmation button. At least it's twice as fast as my Sony PC applying security updates and just as fast as a regular reboot of my Sony PC. :D :eek: :p
 

samh004

macrumors 68020
Mar 1, 2004
2,222
141
Australia
My C2D MBP booted up slowly after installing this update (after the initial restart; I have yet to restart a second time).

All computers usually restart a little slow after OS updates and security updates.

Why do people give a topic like this negative votes?

Because they have to restart and lose their uptime.

so much for my 38 day uptime :D

I'd be mad too if it wasn't for my dad rebooting my computer over the weekend and losing my 51 day uptime, even though I told him not to restart or shutdown. Ugh...
 

samh004

macrumors 68020
Mar 1, 2004
2,222
141
Australia
What's wrong with restarting?

You lose that crucial uptime, leaving you to start all over again at breaking your personal best.

This is the first security update as a Mac user. I had a choppy but expected restart. The restart lasted almost 2 minutes instead of the regular restart of 30 seconds upon hitting the confirmation button. At least it's twice as fast as my Sony PC applying security updates and just as fast as a regular reboot of my Sony PC. :D :eek: :p

I always get a little edgy when the reboot takes longer than usual... I was with a lot of people when Apple released 10.2.x and the machine stalled while restarting :(
 