Stella said:
It is extremely unlikely your Mac has been hacked.

Safari has nothing to do with Software Update, either.

The other sort of hacking (haxie-ing?) - I modified my Safari. But the update's showing up now so it doesn't matter :)
 
You are overreacting.

What makes it significantly less scary is that it is unlikely to happen in the first place.

No software is bug free.



csubear said:
There are a few that are very disturbing:

AppKit: All the AppKit buffer overflow issues. Just think, open a text file and BAM virus.

servermgrd: only affects OS X server, but remote exploits are very scary.

Webkit: a pdf in safari could give you a virus.

What makes them extra scary, these are in-house Apple components. Everyone has AppKit and WebKit. In fact the text box I am typing in right now is a text view from AppKit.
 
Did anyone else get the PowerBook G4 Graphics Update 1.0 in Software Update as well? No one seems to have mentioned it yet.
 
Perfect!

Simply perfect, 2 minutes (plus 1 for permission repairs, one before, another after) to download, install and optimize...no problems whatsoever on my iMac G5...GO APPLE!
 
TyWahn said:
I find it funny that people think they need to wait and see if anybody's machine explodes, or dies or whatever.. I have never had a single issue with a security update, or OS update for that matter. If you have a reasonably well maintained machine, you should have nothing to worry about. Don't you think?

Thanks, I feel doubly bad now. :D :eek:
 
As we speak, rebooting the Mac after installing update. Starting Mac OS X... nothing wrong here. :)

Just a little live action for everyone, lol, I'm a dork... :rolleyes:
 
iBook rebooted fine...dang, I'll never make it past 28 days uptime:
 

It was released last week, and mentioned on MR ( or Mac Bytes).


oskar said:
Did anyone else get the PowerBook G4 Graphics Update 1.0 in Software Update as well? No one seems to have mentioned it yet.
 
SAFT issue?

Anyone having an issue with SAFT for 10.4.2? [Safari extender thingy]

I get the error message "SAFT DOES NOT SUPPORT SAFARI v.412.2.2. SO IT WILL NOT LOAD." Even tho' I downloaded and installed the updated SAFT version, and it has worked flawlessly.

Might just be me. Other than that, everything seems great.
 
Erased hard drive, FTP stops working?

TyWahn said:
I find it funny that people think they need to wait and see if anybody's machine explodes, or dies or whatever.. I have never had a single issue with a security update, or OS update for that matter. If you have a reasonably well maintained machine, you should have nothing to worry about. Don't you think?

You must not have been around for that Mac OS X update a couple years ago that erased everybody's hard drives if they had spaces in the names.

You also must not have been using the built-in FTP server when that Mac OS X update came out last year that caused the FTP server to stop working.

These things are inevitable. It's smart to wait a couple days if there's not an immediately pressing issue (such as an exploit in the wild).
 
Stella said:
It was released last week, and mentioned on MR ( or Mac Bytes).

:eek: Guess I have to put Check for updates to daily, then. I hadn't heard of it.
 
Excluding changes that apply only to OS X Server, here are the details:

AppKit

Opening a malicious, rich text file could lead to arbitrary code execution.

A buffer overflow in the handling of maliciously crafted rich text files could lead to arbitrary code execution. This update prevents the buffer overflow from occurring.

AppKit

Opening a maliciously crafted Microsoft Word .doc file could result in arbitrary code execution.

A buffer overflow in AppKit that is responsible for reading Word documents could allow arbitrary code execution. Only applications such as TextEdit that use AppKit to open Word documents are vulnerable. Microsoft Word for Mac OS X is not vulnerable. This update prevents the buffer overflow.

AppKit

A malicious user with physical access to a system could create additional local accounts.

A malicious user who has full physical access to a system could create additional accounts by forcing an error condition. This update prevents the error conditions from occurring at the login window.

Bluetooth

The System Profiler information about whether or not a Bluetooth device requires authentication is misleading.

Selecting "Require pairing for security" in Bluetooth preferences correctly sets the device to require authentication, but in System Profiler the device is labeled with "Requires Authentication: No." This update changes System Profiler to accurately reflect the Bluetooth security settings. This issue does not affect systems prior to Mac OS X 10.4. Credit to John M. Glenn of San Francisco for reporting this issue.

CoreFoundation

Buffer overflow via a command line argument for applications using the CoreFoundation framework.

The incorrect handling of a command line argument within the CoreFoundation framework can result in a buffer overflow that may be used to execute arbitrary code. This issue has been addressed by improved handling of command line arguments. This issue does not affect Mac OS X 10.4. Credit to David Remahl of www.remahl.se/david for reporting this issue.

CoreFoundation

Passing a malformed date to the CoreFoundation framework can cause applications to stall.

The parsing of Gregorian dates in the CoreFoundation framework is vulnerable to an algorithmic complexity attack that could result in a denial of service. This update modifies the algorithm to parse all valid dates within a fixed processing time. Credit to David Remahl of www.remahl.se/david for reporting this issue.

CUPS

The CUPS printing service will not print unless it is restarted.

When handling multiple, simultaneous, print jobs, the CUPS printing service can stop printing because it incorrectly tracks open file descriptors. In addition, if CUPS receives a partial IPP request and a client terminates the connection, the printing service will then consume all available CPUs. If the service is restarted, then printing will resume. This update corrects the handling of multiple, simultaneous print jobs and partial requests.

Directory Services

The privileged tool dsidentity has several security flaws that can result in non-administrative users adding or removing identity user accounts in Directory Services.

This update addresses this issue by removing dsidentity and its documentation. This issue does not affect systems prior to Mac OS X 10.4. Credit to kf_lists[at]digitalmunition[dot]com and Neil Archibald of Suresec LTD for reporting this issue.

HIToolbox

VoiceOver may read content from secure input fields.

Under certain circumstances, secure input fields may be read by VoiceOver services. This update stops VoiceOver from exposing the content of these fields. This issue does not affect systems prior to Mac OS X v10.4.

Kerberos

An authenticated user could execute arbitrary code on the KDC host, compromising a Kerberos realm.

A heap buffer overflow in password history handling code could be exploited to execute arbitrary code on a Key Distribution Center (KDC). This issue does not affect Mac OS X 10.4. Credit to the MIT Kerberos team for reporting this issue. Their advisory for this vulnerability is located at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt

Kerberos

Multiple buffer overflow vulnerabilities could result in denial of service or remote compromise of a KDC.

This update upgrades Kerberos for Macintosh to version 5.5.1, which contains fixes for this issue. The Kerberos security advisories for these issues are located at http://web.mit.edu/kerberos/www/advisories/

Kerberos

Kerberos-enabled logins when using LDAP can result in root compromise.

When Kerberos authentication is enabled in addition to LDAP, it was possible to gain access to a root Terminal window. Kerberos authentication has been updated to prevent this situation. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jim Foraker of Carnegie Mellon University and colleagues at MacEnterprise.Org for reporting this issue.

loginwindow

A user can gain access to other logged-in accounts if Fast User Switching is enabled.

An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password. This update corrects the authentication error. This issue does not affect systems prior to Mac OS X 10.4. Credit to Sam McCandlish for reporting this issue.

Mail

Loss of privacy due to Mail loading remote images in HTML emails.

When Mail.app is used to print or forward an HTML message, it will attempt to load remote images even if a user's preferences disallow it. As this network traffic is not expected, it may be considered a privacy leak. This update addresses the issue by having Mail.app only load remote images in HTML messages when the preferences allow it. This issue does not affect systems prior to Mac OS X v10.4. Credit to Brad Miller of CynicalPeak and John Pell of Foreseeable Solutions for reporting this issue.

OpenSSL

Multiple denial of service vulnerabilities in OpenSSL.

OpenSSL is updated to version 0.9.7g to address several issues. The OpenSSL advisory for these issues is located at http://www.openssl.org/news/secadv_20040317.txt

ping

A buffer overflow could result in local privilege escalation and arbitrary code execution.

The ping utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.

QuartzComposerScreenSaver

Users could open webpages while the RSS Visualizer screen saver is locked.

It is possible to open displayed links from the RSS Visualizer in the background when the screen saver is configured to require a password. This update prevents the RSS Visualizer screen saver from opening a URL if a password is required to exit the screen saver. Credit to Jay Craft of GrooVault Entertainment, LLC for reporting this issue.

Safari

Clicking on a link in a maliciously-crafted rich text file in Safari could lead to arbitrary command execution.

Safari renders rich text content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This update addresses the issue by handling all links in rich text through Safari.

Safari

Information can be inadvertently submitted to the wrong site.

When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly. Credit to Bill Kuker for reporting this issue.

SecurityInterface

Recently-used passwords are visible via the password assistant.

The password assistant provides an easy mechanism for selecting a good password. If an administrator uses the password assistant while adding multiple accounts, they will be able to view previously suggested passwords. This only occurs when password assistant is used more than once from the same process. This update addresses the issue by resetting the suggested password list each time the password assistant is displayed. This issue does not affect systems prior to Mac OS X v10.4. Credit to Andrew Langmead of Boston.com for reporting this issue.

traceroute

A buffer overflow could result in local privilege escalation and arbitrary code execution.

The traceroute utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.

WebKit

Clicking on a link in a maliciously-crafted PDF file in Safari could lead to arbitrary command execution.

Safari renders PDF content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This Safari issue does not affect systems prior to Mac OS X v10.4. This update addresses the issue by handling all links in PDF through Safari.

X11

A buffer overflow could result in arbitrary code execution.

An error in LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. This issue does not affect systems prior to Mac OS X v10.4.

zlib

Applications linked against zlib are susceptible to denial of service attacks and potential execution of arbitrary code.

By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application, resulting in denial of service or possible arbitrary code execution. This update addresses the issue by updating zlib to version 1.2.3.
 
Stella said:
Safari has nothing to do with Software Update, either.

I was checking out some of the nightly WebKit builds using NightShift and found that SU crashes if it is running. I don't know what the deal is but I think they are somehow related. :confused:
 
TyWahn said:
I find it funny that people think they need to wait and see if anybody's machine explodes, or dies or whatever.. I have never had a single issue with a security update, or OS update for that matter. If you have a reasonably well maintained machine, you should have nothing to worry about. Don't you think?

Remember 10.3.8?
Remember 10.2.8?
Remember FireWire800 problems?
Remember...

There have been times when it was good not to be the first to update...
Be afraid. Be very afraid. Paranoia isn't just a way of life, it's a good idea.
 
Another positive report here from a Powerbook G4 with 10.4.2, bought in May.

The RTF bug looks like a pretty nasty one TBH. Glad they've caught it at least.

Being a recent switcher...are hackers of Mac OS X more inclined to inform Apple of problems rather than exploit them? More a case of supporting a platform than trying to bring it down (as in Windows). Or is there no discrimination?

Wildly OT I know ;)
 
Stella said:
You are overreacting.

What makes it significantly less scary is that it is unlikely to happen in the first place.

No software is bug free.

I know that. I make a living as a software developer, but also being a developer I understand how scary buffer overflows can be. It's not really too hard to do it. For example the AppKit opening-a-text-file overflow, the hardest part would be figuring out what you would need to cause the overflow. Perhaps having data after the end-of-file marker? That would be my guess. Then just keep shoving 00 on to the end of the buffer, wait for the program to crash, examine the core dump, get the IP, insert a jump, and some evil assembly code. Done... virus. A virus in a text file at that.

Bugs happen, but buffer overflows should never happen. As a developer you always check the length of user exposed data. Period. Never copy something on to the heap if you do not know its size.
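The "always check the length" rule from the post above, as an added example that is not from the thread or from Apple's AppKit: a toy reader for RTF control words (the `\rtf`, `\b`, `\fonttbl` tokens in a rich text file) in the unchecked form that overflows a fixed buffer on an over-long word, beside the bounded form that rejects the file instead. The RTF-style inputs in the test are constructed for the example.

```c
#include <string.h>

/* Added illustration, not Apple's AppKit code. RTF control words are a
 * backslash followed by lowercase letters ("\rtf1" -> word "rtf"); they are
 * normally short, but a file can carry an arbitrarily long one. */

/* 'Before': classic unchecked copy. The loop trusts the input to end the
 * control word before the fixed destination buffer does, so a long word
 * writes past the end of 'word'. Kept only for comparison; never called. */
void read_control_word_unsafe(const char *src, char *word) {
    size_t i = 0;
    while (src[i] >= 'a' && src[i] <= 'z') {   /* no bound on i */
        word[i] = src[i];
        i++;
    }
    word[i] = '\0';
}

/* 'After': every store is bounded by the destination size. Returns the
 * number of characters consumed, or -1 if the control word does not fit;
 * the caller treats -1 as a malformed file rather than truncating silently. */
int read_control_word(const char *src, char *word, size_t word_len) {
    size_t i = 0;
    while (src[i] >= 'a' && src[i] <= 'z') {
        if (i + 1 >= word_len)      /* leave room for the terminator */
            return -1;
        word[i] = src[i];
        i++;
    }
    word[i] = '\0';
    return (int)i;
}

/* Returns 1 if the input's first control word was copied safely into 'out',
 * 0 if the input is not a control word or the word was rejected as too long. */
int rtf_first_word_ok(const char *rtf, char *out, size_t out_len) {
    if (rtf[0] != '\\') return 0;             /* control words start with '\' */
    return read_control_word(rtf + 1, out, out_len) >= 0;
}
```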
 
MrPembridge said:
Anyone having an issue with SAFT for 10.4.2? [Safari extender thingy]

I get the error message "SAFT DOES NOT SUPPORT SAFARI v.412.2.2. SO IT WILL NOT LOAD." Even tho' I downloaded and installed the updated SAFT version, and it has worked flawlessly.

SAFT means "Cool-aid" or "Lemonade" in my language.... Man, I'm sorry. I just had to do this. So for all Scandinavians the error message said: "Cool-aid does not support Safari".

:rolleyes:
 
Hmm, much more snappy!

Seriously, why can't they fix Safari so it doesn't lock up. Then again, Firefox locks up too, oh, and Illustrator and Dreamweaver do too. Nothing really changes. OK, back to watching Cape Fear (1991) here in London on ITV2. DeNiro is the only credible actor, rest is pure unrealistic crap.
 
TyWahn said:
I find it funny that people think they need to wait and see if anybody's machine explodes, or dies or whatever.. I have never had a single issue with a security update, or OS update for that matter. If you have a reasonably well maintained machine, you should have nothing to worry about. Don't you think?

<pimp slap> -- for you! :D

No seriously, I was using 10.3.8 and everything was peachy farkin keen and then I went into the 10.3.9 and have had a few problems that are still not resolved really. [grrr] I was furious at first, felt like I was being forced into Tiger or something (how unApple) so these things do happen. I totally understand the apprehension now.
People are wise to check things out, and the members of this forum are pretty sensible in that regard.

</end pimp slap> :D
 
software update question

Hi guys. I'm relatively new to Mac, but love it so far. I have one question though. Whenever I run a software update, the software update automatically appears at the end of the update telling me about new software available that I just updated! Is this common and/or is there a fix? Thanks in advance for any help!
 