FYI, now available...
Watchguard said:
Apple Patches 25 More OS X Vulnerabilities
Severity: High
19 April, 2007
Summary:
Today, Apple released a security update fixing 25 security issues in software packages that ship as part of OS X, including fetchmail, kerberos, and ftpd. An attacker exploiting the worst of these security issues could execute code on your Mac, possibly gaining full control of your computer. If you manage OS X 10.3.9 or 10.4.9 computers, you should download, test, and install the appropriate Apple security update as soon as possible.
Exposure:
Apple's latest security update corrects 25 vulnerabilities affecting software packages that ship as part of OS X 10.3.9 and 10.4.9. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. You should apply it as soon as you can. Some of the fixed vulnerabilities include:
Remote code execution vulnerability caused by disk images. OS X ships with a package of file system tools called diskdev. One of the tools in this package, fsck, suffers from a memory corruption vulnerability. Attackers can create a specially crafted disk image that will automatically run fsck and trigger this vulnerability. By enticing one of your users into downloading and mounting a malicious disk image, an attacker can exploit this flaw to execute code on that user's computer, inheriting that user's privileges. The attacker could then exploit other local vulnerabilities described in Apple's alert to gain complete control of that user's Mac.
Format string vulnerability in Help Viewer. Help Viewer is the OS X component that allows you to view Help files. It suffers from a format string vulnerability caused by help files having specially-crafted names. By tricking one of your users into downloading and opening a malicious help file, an attacker could exploit this flaw to execute code on that user's computer, with that user's privileges. The attacker could then exploit other local vulnerabilities described in Apple's alert to gain complete control of that user's Mac.
Two code execution vulnerabilities in Libinfo. Libinfo, a component that ships with OS X, suffers from two vulnerabilities: an integer overflow flaw, and an unspecified flaw in its error reporting. By enticing one of your users to a malicious Web page, an attacker can exploit the most severe of these two vulnerabilities to execute attack code on your computer, potentially gaining control of it.
Apple's alert includes 21 more flaws, including many more code execution flaws like those described above. The remaining vulnerabilities also include local elevation of privilege flaws, some password bypassing vulnerabilities, and more. Other components that this security update patches include:
AFP Client
Airport
ftpd
Login Window
GNU Tar
network_cmds
HID family
SMB
Installer
System Configuration
Kerberos
VideoConference
URLMount
WebDAV
CarbonCore
WebFoundation
Refer to Apple's alert for more details.
Solution Path:
Apple has released updates to fix these vulnerabilities for both OS X 10.3.9 and 10.4.9. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
Security Update 2007-004 (10.3.9 Client)
Security Update 2007-004 (10.3.9 Server)
Security Update 2007-004 (PPC)
Security Update 2007-004 (Universal)
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X's Software Update utility automatically pick the correct update for you.
For All Users:
These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.
Status:
Apple released updates to fix these issues.
References:
Apple's April OS X Advisory
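For admins who would rather script the "Solution Path" above than rely on the Software Update GUI, here is an added shell example; it is not WatchGuard's or Apple's code. It picks the 2007-004 package that matches the host (10.3.9 Client/Server, or PPC/Universal on 10.4.9), checks that `softwareupdate -l` actually offers the update, and installs it only when asked. It assumes that on 10.4.9 the PPC and Universal packages serve client and server alike, that `softwareupdate -l` prints offered items as "   * <identifier>" lines whose identifier contains "2007-004", and that `/System/Library/CoreServices/ServerVersion.plist` marks an OS X Server install; the sample listing inside the script is constructed for illustration.

```shell
#!/bin/sh
# Added example (not WatchGuard's or Apple's code): decide which Security
# Update 2007-004 package this Mac needs, confirm Software Update offers it,
# and optionally install it with softwareupdate(8).
#
# Assumptions not stated in the advisory:
#  - 10.4.9 client and server both use the PPC / Universal packages;
#    10.3.9 splits by Client / Server;
#  - `softwareupdate -l` lists items as "   * <identifier>" followed by a
#    description line, and this update's identifier contains "2007-004";
#  - OS X Server is recognisable by ServerVersion.plist.

# Constructed sample of `softwareupdate -l` output, used only for offline checks.
SAMPLE_LISTING='Software Update Tool
Copyright 2002-2005 Apple

Software Update found the following new or updated software:
   * SecUpd2007-004Univ-1.0
	Security Update 2007-004 (1.0), 14820K [recommended] [restart]'

# pick_update VERSION ARCH EDITION
#   VERSION as printed by `sw_vers -productVersion` (e.g. 10.4.9)
#   ARCH    as printed by `uname -p` (powerpc or i386)
#   EDITION client or server
# Prints the package name; returns 1 when no 2007-004 package applies.
pick_update() {
    version=$1; arch=$2; edition=$3
    case "$version" in
        10.3.9)
            if [ "$edition" = server ]; then
                echo "Security Update 2007-004 (10.3.9 Server)"
            else
                echo "Security Update 2007-004 (10.3.9 Client)"
            fi ;;
        10.4.9)
            if [ "$arch" = powerpc ]; then
                echo "Security Update 2007-004 (PPC)"
            else
                echo "Security Update 2007-004 (Universal)"
            fi ;;
        *)
            # Older 10.3.x / 10.4.x must first be brought to .9; Apple ships
            # no 2007-004 package for them.
            echo "no Security Update 2007-004 package for OS X $version" >&2
            return 1 ;;
    esac
}

# find_update_id LISTING
#   Extracts this update's identifier from `softwareupdate -l` text.
#   Prints nothing and returns 1 when the update is not offered.
find_update_id() {
    id=$(printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*\* \(.*2007-004.*\)$/\1/p' | head -n 1)
    [ -n "$id" ] || return 1
    echo "$id"
}

# host_edition: "server" when OS X Server is installed, else "client".
host_edition() {
    if [ -f /System/Library/CoreServices/ServerVersion.plist ]; then
        echo server
    else
        echo client
    fi
}

# main: run on the Mac itself as root. --check reports, --install applies.
# The update requires a restart, so schedule it accordingly.
main() {
    version=$(sw_vers -productVersion) || exit 1
    arch=$(uname -p)
    pkg=$(pick_update "$version" "$arch" "$(host_edition)") || exit 1
    echo "This host ($version, $arch) needs: $pkg"
    listing=$(softwareupdate -l 2>&1)
    if ! id=$(find_update_id "$listing"); then
        echo "Software Update does not offer it (already installed?)"
        exit 0
    fi
    echo "Software Update identifier: $id"
    if [ "$1" = --install ]; then
        softwareupdate -i "$id" && echo "Installed; restart to finish."
    else
        echo "Re-run with --install to apply (test on a non-production Mac first)."
    fi
}

# Only touch the real commands when explicitly asked, so the helper
# functions above can be sourced and exercised offline.
if [ "${1:-}" = --check ] || [ "${1:-}" = --install ]; then
    main "$1"
fi
```

Run `sh apply-2007-004.sh --check` on a test Mac first; the advisory's own advice to download, test, then deploy applies to this script as much as to the GUI path.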