Security Alerts
May 30, 2006
Apple Releases Patches for Multiple Critical Vulnerabilities
Summary
On May 11, 2006, Apple released a new critical security update (2006-003) to correct multiple vulnerabilities affecting the Macintosh OS and corresponding components/applications. This combined security update is designed to fix twenty-five (25) security vulnerabilities, most of them serious. The affected platforms and components are:
- Apple Mac OS X version 10.3.9 (Panther) and version 10.4.6 (Tiger)
- Apple Mac OS X Server version 10.3.9 and version 10.4.6
- Apple Safari web browser
- Apple Mail
It is imperative that this update be applied to Macintosh systems meeting the above criteria due to the serious nature of the vulnerabilities, which are directly exploitable from the Internet. Details are in the Technical Detail section of this post.
What to Do
This update can be downloaded and installed via Software Update preferences, or from the Apple Downloads web page.
Please note there are separate versions of this update for server computers and client computers if you are going to manually download it from the Apple Downloads web page.
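For administrators checking many Macs, the following is an added audit helper (not part of this alert or of Apple's tooling). It assumes Apple installer receipts live in /Library/Receipts and that the receipt for this update is named SecUpd*2006-003*.pkg; both the version string and the receipt directory are parameters so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example: classify a host against Security Update 2006-003.
# Assumptions (not stated in the alert): receipts are kept in
# /Library/Receipts and this update's receipt matches SecUpd*2006-003*.pkg.

# Returns 0 if the OS version is one the alert covers, 1 otherwise.
is_affected_version() {
    case "$1" in
        10.3.9|10.4.6) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if a receipt for the 2006-003 update exists in the directory.
# Works for both client (SecUpd...) and server (SecUpdSrvr...) receipt names.
has_2006_003_receipt() {
    for r in "$1"/SecUpd*2006-003*.pkg; do
        [ -e "$r" ] && return 0
    done
    return 1
}

# Prints one of: not-affected, patched, NEEDS-UPDATE.
# Exit status 2 on NEEDS-UPDATE so fleet scripts can act on it.
audit_host() {
    version="$1"; receipts="$2"
    if ! is_affected_version "$version"; then
        echo not-affected; return 0
    fi
    if has_2006_003_receipt "$receipts"; then
        echo patched; return 0
    fi
    echo NEEDS-UPDATE
    return 2
}

# Live use on the Mac being audited (sw_vers exists only on Mac OS X):
#   sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_host "$(sw_vers -productVersion)" /Library/Receipts
fi
```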
Technical Detail
It is important that this patch be applied. Among the notable vulnerabilities are:
- Viewing a maliciously-crafted GIF, JPEG, or TIFF image may lead to arbitrary code execution.
- Expanding an archive may lead to arbitrary code execution.
- Characters entered into a secure text field can be read by other applications in the same window session.
- Launching an Internet Location item from Finder may lead to arbitrary code execution.
- FTP operations in FTPServer by authenticated FTP users may lead to arbitrary code execution.
- Playing Flash Player content may lead to arbitrary code execution.
- An application may be able to use Keychain items when the Keychain is locked.
- Viewing a malicious web site may lead to arbitrary code execution.
- Viewing a malicious mail message may lead to arbitrary code execution.
- Navigating a maliciously-crafted directory hierarchy (in Preview) may lead to arbitrary code execution.
- Characters entered into a secure text field (AppKit) can be read by other applications in the same window session.
- Registration of an untrusted bundle may lead to arbitrary code execution.
- Visiting malicious web sites in Safari may lead to file manipulation or arbitrary code execution.
- MySQL database may be accessed with an empty password.
- A malformed QuickTime movie can cause QuickTime Streaming Server to crash.
- Ruby safe level restrictions may be bypassed.
- Processing maliciously-crafted email messages with ClamAV may lead to arbitrary code execution.
- URL handling in libcurl may lead to arbitrary code execution.
Information regarding this update can be found at:
http://docs.info.apple.com/article.html?artnum=303737
References
Additional information regarding these vulnerabilities is available at
The Information Security Office would like to thank Brian Young of IT Services for his assistance in producing this alert.