{"id":3582,"date":"2005-08-17T17:45:33","date_gmt":"2005-08-17T17:45:33","guid":{"rendered":"http:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/apple-security.html"},"modified":"2005-08-17T17:45:33","modified_gmt":"2005-08-17T17:45:33","slug":"apple-security","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/apple-security.html","title":{"rendered":"Apple Security"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"MARGIN: 0in 0in 0pt\"><span style=\"FONT-SIZE: 10pt\">It is so unusual to hear about Mac vulnerabilities that I wanted to pass this Technical Cyber Security Alert on to all of you in case you have a Mac. We always tend to think Macs are secure because no one targets them. I guess success breeds hackers!<\/span><\/p>\n<p><span style=\"FONT-SIZE: 10pt\">&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/span><\/p>\n<p class=\"MsoNormal\" style=\"MARGIN: 0in 0in 0pt\">National Cyber Alert System<\/p>\n<p>Technical Cyber Security Alert TA05-229A<\/p>\n<p>Apple Mac Products are Affected by Multiple Vulnerabilities<\/p>\n<p>Original release date: August 17, 2005<br \/>Last revised: &#8212;<br \/>Source: US-CERT<\/p>\n<p>Systems Affected<\/p>\n<p>* Apple Mac OS X version 10.3.9 (Panther) and version 10.4.2 (Tiger)<br \/>* Apple Mac OS X Server version 10.3.9 and version 10.4.2<br \/>* Apple Safari web browser<\/p>\n<p><span style=\"mso-spacerun: 
yes\">\u00a0\u00a0 <\/span>Please see Apple Security Update 2005-007 for further information.<\/p>\n<p>Overview<\/p>\n<p>Apple has released Security Update 2005-007 to address multiple<br \/>vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web<br \/>browser, and other products. The most serious of these vulnerabilities<br \/>may allow a remote attacker to execute arbitrary code. Impacts of<br \/>other vulnerabilities include bypassing security restrictions and<br \/>denial of service.<\/p>\n<p>I. Description<\/p>\n<p>Apple Security Update 2005-007 resolves a number of vulnerabilities<br \/>affecting Mac OS X, OS X Server, Safari web browser, and other<br \/>products. 
Further details are available in the following Vulnerability<br \/>Notes:<\/p>\n<p>VU#913820 &#8211; Apple Mac OS X Directory Services contains a buffer<br \/>overflow<\/p>\n<p>A buffer overflow in Apple Mac OS X Directory Service&#8217;s authentication<br \/>process may allow a remote, unauthenticated attacker to execute<br \/>arbitrary code on a vulnerable system.<br \/>(CAN-2005-2507)<\/p>\n<p>VU#461412 &#8211; Apple Mac OS X Server servermgrd authentication vulnerable<br \/>to buffer overflow<\/p>\n<p>Apple Mac OS X Server servermgrd contains an unspecified buffer<br \/>overflow vulnerability in its authentication handling routines. 
This<br \/>vulnerability may lead to remote execution of arbitrary code.<br \/>(CAN-2005-2518)<\/p>\n<p>VU#435188 &#8211; Apple Mac OS X AppKit vulnerable to buffer overflow via<br \/>the handling of maliciously crafted rich text files<\/p>\n<p>A buffer overflow vulnerability exists in a component of Apple&#8217;s Mac<br \/>OS X operating system that handles rich text files.<br \/>(CAN-2005-2501)<\/p>\n<p>VU#172948 &#8211; Apple Mac OS X AppKit vulnerable to buffer overflow via<br \/>maliciously crafted Microsoft Word files<\/p>\n<p>A buffer overflow vulnerability exists in a component of Apple&#8217;s Mac<br \/>OS X operating system that handles Microsoft Word files.<br \/>(CAN-2005-2502)<\/p>\n<p>VU#420316 &#8211; Apple Mac OS X Safari vulnerable to arbitrary command<br \/>execution via URLs in PDF files<\/p>\n<p>Apple Mac OS X WebKit and Safari security controls may be bypassed,<br \/>possibly allowing remote command execution.<br \/>(CAN-2005-2522)<\/p>\n<p>VU#709220 &#8211; Apple Safari 
fails to perform security checks on links in<br \/>rich text content<\/p>\n<p>Apple Safari fails to perform security checks on hyperlinks in rich<br \/>text content, which may allow an attacker to execute arbitrary<br \/>commands on a vulnerable system.<br \/>(CAN-2005-2516)<\/p>\n<p>Please note that Apple Security Update 2005-007 addresses<br \/>additional vulnerabilities not described above. As further<br \/>information becomes available, we will publish individual<br \/>Vulnerability Notes.<\/p>\n<p>II. Impact<\/p>\n<p>The impacts of these vulnerabilities vary. For information about<br \/>specific impacts please see the Vulnerability Notes. Potential<br \/>consequences include remote execution of arbitrary code or commands,<br \/>bypass of security restrictions, and denial of service.<\/p>\n<p>III. Solution<\/p>\n<p>Install an update<\/p>\n<p>Install the update as described in Apple Security Update 2005-007. In<br \/>addition, this update is available via Apple Update.<\/p>\n<p>Appendix A. 
References<\/p>\n<p>* US-CERT Vulnerability Note VU#913820 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/913820\">http:\/\/www.kb.cert.org\/vuls\/id\/913820<\/a>&gt;<\/p>\n<p>* US-CERT Vulnerability Note VU#461412 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/461412\">http:\/\/www.kb.cert.org\/vuls\/id\/461412<\/a>&gt;<\/p>\n<p>* US-CERT Vulnerability Note VU#435188 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/435188\">http:\/\/www.kb.cert.org\/vuls\/id\/435188<\/a>&gt;<\/p>\n<p>* US-CERT Vulnerability Note VU#172948 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/172948\">http:\/\/www.kb.cert.org\/vuls\/id\/172948<\/a>&gt;<\/p>\n<p>* US-CERT Vulnerability Note VU#420316 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/420316\">http:\/\/www.kb.cert.org\/vuls\/id\/420316<\/a>&gt;<\/p>\n<p>* US-CERT Vulnerability Note VU#709220 &#8211;<br \/>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/709220\">http:\/\/www.kb.cert.org\/vuls\/id\/709220<\/a>&gt;<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 
<\/span>* Apple Security Update 2005-007 &#8211;<br \/>&lt;<a href=\"http:\/\/docs.info.apple.com\/article.html?artnum=302163\">http:\/\/docs.info.apple.com\/article.html?artnum=302163<\/a>&gt;<\/p>\n<p>* Mac OS X: Updating your software &#8211;<br \/>&lt;<a href=\"http:\/\/docs.info.apple.com\/article.html?artnum=106704\">http:\/\/docs.info.apple.com\/article.html?artnum=106704<\/a>&gt;<\/p>\n<p>____________________________________________________________________<\/p>\n<p>The most recent version of this document can be found at:<\/p>\n<p>&lt;<a href=\"http:\/\/www.us-cert.gov\/cas\/techalerts\/TA05-229A.html\">http:\/\/www.us-cert.gov\/cas\/techalerts\/TA05-229A.html<\/a>&gt;<br \/>____________________________________________________________________<\/p>\n<p>Feedback can be directed to US-CERT. 
Please send email to<br \/>&lt;cert@cert.org&gt; with &quot;TA05-229A Feedback VU#913820&quot; in the subject.<br \/>____________________________________________________________________<\/p>\n<p>Mailing list information:<\/p>\n<p>&lt;<a href=\"http:\/\/www.us-cert.gov\/cas\/\">http:\/\/www.us-cert.gov\/cas\/<\/a>&gt;<br \/>____________________________________________________________________<\/p>\n<p>Produced 2005 by US-CERT, a government organization.<\/p>\n<p>Terms of use:<\/p>\n<p>&lt;<a href=\"http:\/\/www.us-cert.gov\/legal.html\">http:\/\/www.us-cert.gov\/legal.html<\/a>&gt;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is so unusual to hear about Mac vulnerabilities that I wanted to pass this Technical Cyber Security Alert on to all of you in case you have a Mac. We always tend to think Macs are secure because no one targets them. I guess success breeds hackers! 
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- \u00a0\u00a0\u00a0\u00a0\u00a0 National Cyber Alert System \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3582"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=3582"}],"version-history":[{"count":0,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3582\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=3582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=3582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=3582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}