===========================================================================
             AUSCERT External Security Bulletin Redistribution

           ESB-2007.0112 -- [OSX] Apple Security Update 2007-002
                             16 February 2007
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Finder
                      iChat
                      UserNotification
Publisher:            Apple
Operating System:     Mac OS X
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-0710 CVE-2007-0614 CVE-2007-0197
                      CVE-2007-0023 CVE-2007-0021

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=305102

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2007-02-15 Security Update 2007-002

Security Update 2007-002 is now available and addresses the following
issues:

Finder
CVE-ID: CVE-2007-0197
Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Mounting a maliciously-crafted disk image may lead to an
application crash or arbitrary code execution
Description: A buffer overflow exists in Finder's handling of volume
names. By enticing a user to mount a malicious disk image, an attacker
could trigger this issue, which may lead to an application crash or
arbitrary code execution. A proof of concept for this issue has been
published on the Month of Apple Bugs web site (MOAB-09-01-2007). This
update addresses the issue by performing additional validation of disk
images. This issue does not affect systems prior to Mac OS X v10.4.
Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
iChat
CVE-ID: CVE-2007-0614, CVE-2007-0710
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Attackers on the local network may be able to cause iChat to
crash
Description: A null pointer dereference in iChat's Bonjour message
handling could allow a local network attacker to cause an application
crash. A proof of concept for this issue in Mac OS X v10.4 has been
published on the Month of Apple Bugs web site (MOAB-29-01-2007). This
update addresses the issues by performing additional validation of
Bonjour messages.

iChat
CVE-ID: CVE-2007-0021
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Visiting malicious websites may lead to an application crash or
arbitrary code execution
Description: A format string vulnerability exists in the iChat AIM URL
handler. By enticing a user to access a maliciously-crafted AIM URL, an
attacker can trigger the overflow, which may lead to an application
crash or arbitrary code execution. A proof of concept for this issue has
been published on the Month of Apple Bugs web site (MOAB-20-01-2007).
This update addresses the issue by performing additional validation of
AIM URLs.

UserNotification
CVE-ID: CVE-2007-0023
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Malicious local users may be able to obtain system privileges
Description: The UserNotificationCenter process runs with elevated
privileges in the context of a local user. This may allow a malicious
local user to overwrite or modify system files. A program that triggers
this issue has been published on the Month of Apple Bugs web site
(MOAB-22-01-2007). This update addresses the issue by having
UserNotificationCenter drop its group privileges immediately after
launching.
Security Update 2007-002 may be obtained from the Software Update pane
in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.8 (PowerPC)
The download file is named: "SecUpd2007-002Ti.dmg"
Its SHA-1 digest is: 79da4e0f61288277f9896e761903abf748d2dc21

For Mac OS X v10.4.8 (Intel)
The download file is named: "SecUpd2007-002Univ.dmg"
Its SHA-1 digest is: 9a4b97853ac05ff407a8b8fe0906d916e219648b

For Mac OS X v10.3.9
The download file is named: "SecUpd2007-002Pan.dmg"
Its SHA-1 digest is: 81199248bf7218d8788663153131ab51d31320a1

Information will also be posted to the Apple Product Security web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
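The advisory asks the reader to check each downloaded image against the published SHA-1 digest before installing it. The script below is an added example (not Apple's or AusCERT's code) that streams a downloaded .dmg through SHA-1 and compares the result with the digest published above for that file name; the file names and digests are copied verbatim from the advisory, and any other file name is rejected rather than assumed good.

```python
"""Verify a Security Update 2007-002 image against the SHA-1 digests
published in APPLE-SA-2007-02-15 (added example, not Apple's or AusCERT's code)."""
import hashlib
import hmac
import os
import sys

# File names and digests exactly as published in the advisory.
PUBLISHED_SHA1 = {
    "SecUpd2007-002Ti.dmg": "79da4e0f61288277f9896e761903abf748d2dc21",
    "SecUpd2007-002Univ.dmg": "9a4b97853ac05ff407a8b8fe0906d916e219648b",
    "SecUpd2007-002Pan.dmg": "81199248bf7218d8788663153131ab51d31320a1",
}

def sha1_of_chunks(chunks):
    """Hex SHA-1 of an iterable of byte chunks (streamed, so a large .dmg
    never has to be held in memory at once)."""
    h = hashlib.sha1()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def sha1_of_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return sha1_of_chunks(iter(lambda: f.read(chunk_size), b""))

def expected_digest(path):
    """Published digest for the image's base name, or None if the name is not
    one of the three files listed in the advisory (unknown names are never
    assumed to be good)."""
    return PUBLISHED_SHA1.get(os.path.basename(path))

def digests_match(actual_hex, expected_hex):
    """Compare digests as normalised lower-case hex; a missing expected value
    fails closed, and compare_digest avoids an early exit on the first mismatch."""
    if not expected_hex:
        return False
    return hmac.compare_digest(actual_hex.lower(), expected_hex.strip().lower())

def verify_update(path):
    """Return (ok, actual_hex) for a downloaded image."""
    actual = sha1_of_file(path)
    return digests_match(actual, expected_digest(path)), actual

if __name__ == "__main__":
    ok, actual = verify_update(sys.argv[1])
    print(("OK " if ok else "MISMATCH ") + actual)
    sys.exit(0 if ok else 1)
```

Run it as `python verify_update.py ~/Downloads/SecUpd2007-002Univ.dmg`; a non-zero exit means the image does not match the published digest and should not be installed.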
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:
http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================