Apple Patch Fixes 18 Flaws In Mac OS X

Discussion in 'Computer Support' started by Rotten Apples, Aug 7, 2009.

  1. http://www.crn.com/security/219100321;jsessionid=KJVF154WC5HBZQE1GHRSKHWATMY32JVN

    Apple (NSDQ:AAPL) released a security update Wednesday,
    repairing 18 holes in its Mac OS X operating system, including
    several critical imaging errors that enabled hackers to take
    over victims' computers when they view a maliciously crafted
    image file.

    The Apple update, which upgrades the Mac OS X platform to
    10.5.8, repaired an array of imaging flaws, as well as
    vulnerabilities affecting the Safari Web browser. The flaws
    paved the way for hackers to launch malicious code remotely on
    users' computers.

    Altogether, Apple plugged five holes in the way ImageIO
    Framework -- an application designed to help Mac applications
    read and write popular image formats -- handles OpenEXR files,
    EXIF metadata and PNG images. Other image flaws included a patch
    that resolved two heap buffer overflow vulnerabilities: one in
    the way ColorSync, a color management interface, handles an
    embedded profile; and the other in the way that ImageRAW handles
    a Canon (NYSE:CAJ) RAW image file.

    If left unpatched, hackers could launch attacks by enticing a
    user to open a malicious image file -- usually through some
    social engineering scheme -- which would subsequently download
    information-stealing malware onto the user's system.

    The patch also plugged a critical flaw affecting Apple's Safari
    Web browser, occurring in CFNetwork, which allows hackers to
    direct victims to a malicious Web site while the original Web
    site URL remains displayed along with a certificate of warning.

    Apple also repaired two networking vulnerabilities, one of which
    could lead to remote code execution or a system crash if a user
    opened a malicious AppleTalk response packet.

    Included in the patch bundle was a fix for a heap buffer
    overflow vulnerability in the XQuery component, which could lead
    to remote execution by processing maliciously crafted XML
    content.

    Apple also fixed slightly less severe vulnerabilities in its
    launchd services, which could lead to a denial of service attack
    by opening numerous connections in launchd services, as well as
    a logic bug in MobileMe, which could fail to delete all
    credentials once a user logged out.
    Rotten Apples, Aug 7, 2009
    #1

  2. Rotten Apples

    Guest

    Rotten Apples writes:

    > Apple (NSDQ:AAPL) released a security update Wednesday,
    > repairing 18 holes in its Mac OS X operating system, including
    > several critical imaging errors that enabled hackers to take
    > over victims' computers when they view a maliciously crafted
    > image file.
    >
    > The Apple update, which upgrades the Mac OS X platform to
    > 10.5.8, repaired an array of imaging flaws, as well as
    > vulnerabilities affecting the Safari Web browser. The flaws
    > paved the way for hackers to launch malicious code remotely on
    > users' computers.
    >
    > Altogether, Apple plugged five holes in the way ImageIO
    > Framework -- an application designed to help Mac applications
    > read and write popular image formats -- handles OpenEXR files,
    > EXIF metadata and PNG images. Other image flaws included a patch
    > that resolved two heap buffer overflow vulnerabilities: one in
    > the way ColorSync, a color management interface, handles an
    > embedded profile; and the other in the way that ImageRAW handles
    > a Canon (NYSE:CAJ) RAW image file.
    >
    > If left unpatched, hackers could launch attacks by enticing a
    > user to open a malicious image file -- usually through some
    > social engineering scheme -- which would subsequently download
    > information-stealing malware onto the user's system.
    >
    > The patch also plugged a critical flaw affecting Apple's Safari
    > Web browser, occurring in CFNetwork, which allows hackers to
    > direct victims to a malicious Web site while the original Web
    > site URL remains displayed along with a certificate of warning.
    >
    > Apple also repaired two networking vulnerabilities, one of which
    > could lead to remote code execution or a system crash if a user
    > opened a malicious AppleTalk response packet.
    >
    > Included in the patch bundle was a fix for a heap buffer
    > overflow vulnerability in the XQuery component, which could lead
    > to remote execution by processing maliciously crafted XML
    > content.
    >
    > Apple also fixed slightly less severe vulnerabilities in its
    > launchd services, which could lead to a denial of service attack
    > by opening numerous connections in launchd services, as well as
    > a logic bug in MobileMe, which could fail to delete all
    > credentials once a user logged out.


    What does that have to do with OS/2, Rotten Apples?
    , Aug 7, 2009
    #2

  3. Rotten Apples

    Guest

    Rôgêr writes:

    > Why are you cross-posting to so many groups?


    Take it up with Rotten Apples, who chose the
    newsgroup distribution, Rôgêr.
    , Aug 7, 2009
    #3
  4. Rotten Apples

    Guest

    Rôgêr writes:

    > Oh, I get it, he posted for you.


    Classic unsubstantiated and erroneous claim.

    > So sorry to have troubled you, you fucking moron.


    Who is "you fucking moron", Rôgêr? There is nobody
    in this newsgroup using that alias.
    , Aug 7, 2009
    #4
  5. Rotten Apples wrote:
    > http://www.crn.com/security/219100321;jsessionid=KJVF154WC5HBZQE
    > 1GHRSKHWATMY32JVN
    >
    > Apple (NSDQ:AAPL) released a security update Wednesday,
    > repairing 18 holes in its Mac OS X operating system, including
    > several critical imaging errors that enabled hackers to take
    > over victims' computers when they view a maliciously crafted
    > image file.
    >


    And the fanboys would have you believe that OS X is some sort of fault
    free zone. Just *nix with a pretty GIO, and a nasty GUI too, which
    attempts to keep you locked up nice and tight in the Apple walled
    garden, in a fantasy world of over priced under powered plastic.
    Caulfield Man, Aug 8, 2009
    #5
  6. Rotten Apples

    macfan Guest

    Caulfield Man wrote:
    > Rotten Apples wrote:
    >> http://www.crn.com/security/219100321;jsessionid=KJVF154WC5HBZQE
    >> 1GHRSKHWATMY32JVN
    >>
    >> Apple (NSDQ:AAPL) released a security update Wednesday, repairing 18
    >> holes in its Mac OS X operating system, including several critical
    >> imaging errors that enabled hackers to take over victims' computers
    >> when they view a maliciously crafted image file.
    >>

    >
    > And the fanboys would have you believe that OS X is some sort of fault
    > free zone. Just *nix with a pretty GIO, and a nasty GUI too, which
    > attempts to keep you locked up nice and tight in the Apple walled
    > garden, in a fantasy world of over priced under powered plastic.


    That is incorrect, most Macs have Aluminium cases, not plastic. ;)
    macfan, Aug 8, 2009
    #6
  7. macfan wrote:
    > Caulfield Man wrote:
    >> Rotten Apples wrote:
    >>> http://www.crn.com/security/219100321;jsessionid=KJVF154WC5HBZQE
    >>> 1GHRSKHWATMY32JVN
    >>>
    >>> Apple (NSDQ:AAPL) released a security update Wednesday, repairing 18
    >>> holes in its Mac OS X operating system, including several critical
    >>> imaging errors that enabled hackers to take over victims' computers
    >>> when they view a maliciously crafted image file.
    >>>

    >>
    >> And the fanboys would have you believe that OS X is some sort of fault
    >> free zone. Just *nix with a pretty GIO, and a nasty GUI too, which
    >> attempts to keep you locked up nice and tight in the Apple walled
    >> garden, in a fantasy world of over priced under powered plastic.

    >
    > That is incorrect, most Macs have Aluminium cases, not plastic. ;)


    Good point, they're overpriced under powered plastic and aluminium.

    (but the Macbook I just bought my teenager is still white plastic)
    Caulfield Man, Aug 8, 2009
    #7
  8. Rôgêr <> pinched out a steaming pile
    of<>:

    >§ñühw¤£f wrote:
    >> In message <>, Rôgêr wrote:
    >>> wrote:
    >>>> Rôgêr writes:
    >>>>
    >>>>> Why are you cross-posting to so many groups?
    >>>> Take it up with Rotten Apples, who chose the
    >>>> newsgroup distribution, Rôgêr.
    >>>>
    >>> Oh, I get it, he posted for you. So sorry to have troubled you, you
    >>> fucking moron.
    >>
    >> Google "Dave Tholen" sometime to see what bot-like Human Stump Dave is like,
    >> fyi.
    >
    >Thanks for the suggestion, but I was thinking of taking a shit instead.
    >

    I like your idea lots better.

    ^_^

    --
    http://www.youtube.com/watch?v=COaoYqkpkUA
    cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    _____ ____ ____ __ /\_/\ __ _ ______ _____
    / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
    §ñühw¤£f, Aug 8, 2009
    #8
  9. Rotten Apples

    Guest

    Rôgêr writes:

    > Thanks for the suggestion, but I was thinking of taking a shit instead.


    What does that have to do with OS/2, Rôgêr?
    , Aug 8, 2009
    #9
  10. Rotten Apples

    ah Guest

    Rôgêr wrote:
    > §ñühw¤£f wrote:
    >> In message <>, Rôgêr wrote:
    >>> wrote:
    >>>> Rôgêr writes:
    >>>>
    >>>>> Why are you cross-posting to so many groups?
    >>>> Take it up with Rotten Apples, who chose the
    >>>> newsgroup distribution, Rôgêr.
    >>>>
    >>> Oh, I get it, he posted for you. So sorry to have troubled you, you
    >>> fucking moron.

    >>
    >> Google "Dave Tholen" sometime to see what bot-like Human Stump Dave is like,
    >> fyi.

    >
    > Thanks for the suggestion, but I was thinking of taking a shit instead.


    Defecation is proscribed in demon.local

    Please see the FAQ'n Charter. It's a good idea to read a while before posting.
    --
    ah

    http://www.gianturl.com?OrohNkJfCKs...Xrv4fb3Z8,B6N,p,F0,GGgfQm5sS8my,,1,yrrdIboRgq
    ah, Aug 9, 2009
    #10
  11. ah <> pinched out a steaming pile
    of<4a7f51fa$0$79687$>:

    >Rôgêr wrote:
    >> §ñühw¤£f wrote:
    >>> In message <>, Rôgêr wrote:
    >>>> wrote:
    >>>>> Rôgêr writes:
    >>>>>
    >>>>>> Why are you cross-posting to so many groups?
    >>>>> Take it up with Rotten Apples, who chose the
    >>>>> newsgroup distribution, Rôgêr.
    >>>>>
    >>>> Oh, I get it, he posted for you. So sorry to have troubled you, you
    >>>> fucking moron.
    >>>
    >>> Google "Dave Tholen" sometime to see what bot-like Human Stump Dave is like,
    >>> fyi.
    >>
    >> Thanks for the suggestion, but I was thinking of taking a shit instead.
    >
    >Defecation is proscribed in demon.local
    >
    >Please see the FAQ'n Charter. It's a good idea to read a while before posting.

    Defenestration is inscribed in semen, local.

    Eat the fackin chowder. Its a good idea to beat a whale before
    toasting.



    --
    http://www.youtube.com/watch?v=COaoYqkpkUA
    cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    _____ ____ ____ __ /\_/\ __ _ ______ _____
    / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
    §ñühw¤£f, Aug 10, 2009
    #11
  12. Rotten Apples

    ah Guest

    PLONK
    ah, Aug 11, 2009
    #12
  13. Rotten Apples

    ah Guest

    DUH NADA
    ah, Aug 12, 2009
    #13
  14. Riffie Jobs <> pinched out a steaming pile
    of<lHNgm.11403$>:

    >KCOM wrote:
    >> On Tue, 11 Aug 2009 06:40:14 GMT, Riffie Jobs <>
    >> wrote:
    >>
    >>> ah wrote:
    >>>> PLONK
    >>> Hey thanX.

    >>
    >> Riffie how do you like Mozilla Thunderbird?

    >
    >Fucking hate it. For news, anyhow.
    >
    >mail is OK.
    >

    You have to patch it up. Get some add-ons for it..."Leet Key" is one
    good one.

    HTH

    NOW LISSENING TUE SKREWDRIEVERS!!!!!!!!!!!!!1111111!!!!!!!!


    --
    http://www.youtube.com/watch?v=COaoYqkpkUA
    cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    _____ ____ ____ __ /\_/\ __ _ ______ _____
    / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
    §ñühw¤£f, Aug 13, 2009
    #14
  15. Rotten Apples

    Guest

    snuhwolf writes:

    243> Google "Dave Tholen" sometime to see what bot-like Human Stump Dave is like,
    243> fyi.

    Classic erroneous presupposition.

    243> <wavies to Davey>

    Who is "Davey" snuhwolf? There is nobody in this newsgroup using
    that alias.

    244> I like your idea lots better.

    Then why not go do it rather than posting on Usenet, snuhwolf?

    245> Defenestration is inscribed in semen, local.

    245> Eat the fackin chowder. Its a good idea to beat a whale before
    245> toasting.

    What does that have to do with OS/2, snuhwolf?

    246> You have to patch it up. Get some add-ons for it..."Leet Key" is one
    246> good one.

    246> HTH

    246> NOW LISSENING TUE SKREWDRIEVERS!!!!!!!!!!!!!1111111!!!!!!!!

    What does that have to do with OS/2, snuhwolf?
    , Aug 17, 2009
    #15
  16. Rotten Apples

    Guest

    ah writes:

    3494> Defecation is proscribed in demon.local

    3494> Please see the FAQ'n Charter. It's a good idea to read a while before posting.

    3495> PLONK

    Famous Last Words.

    3496> DUH NADA

    What does that have to do with OS/2, ah?
    , Aug 17, 2009
    #16
  17. Rotten Apples

    ah Guest

    ah, Aug 19, 2009
    #17
  18. Rotten Apples

    Guest

    ah writes:

    3497> Don't make me come over tjhere.

    What is "tjhere", ah, and what does it have to do with OS/2?
    , Aug 19, 2009
    #18
  19. Rotten Apples

    Guest

    honestjohn writes:

    1670> Please, can't you see that "ah" has Alzheimer's Disease?

    What does that have to do with OS/2, honestjohn?
    , Aug 19, 2009
    #19
  20. In message <>,
    "" wrote:
    > honestjohn writes:
    >
    > 1670> Please, can't you see that "ah" has Alzheimer's Disease?
    >
    > What does that have to do with OS/2, honestjohn?


    DU YUO HACE ANY SKREWDRIEVERS TO DISCUS, RASE TRADIR?


    --
    Proof of Americas 3rd world status:
    http://www.ramusa.org/
    "I believe there are more instances of the abridgement of freedom of the people
    by gradual and silent encroachments by those in power than by violent and
    sudden usurpations.... The means of defense against foreign danger historically
    have become the instruments of tyranny at home."
    -James Madison
    §ñühw¤£f, Aug 19, 2009
    #20