Daboweb | Seguridad y ayuda informática |

Ya está disponible desde el menú «Actualización de software» Mac OS X 10.6.8. Según informan desde Apple, entre otras, hay mejoras en la tienda Mac App Store para preparar el Mac para la actualización a Mac OS X Lion, solución de un problema que podía provocar que Vista Previa se cerrara inesperadamente, mejora de la compatibilidad con IPv6, etc.

A su vez, esta actualización viene combinada con la otra gran actualización de seguridad que, como podéis leer a continuación (en Inglés, de la lista de correo «Apple Security) es muy amplia. Se corrigen múltiples vulnerabilidades siendo algunas de ellas críticas para el sistema caso de ser explotadas.

Es por ello que desde Daboweb os recomendamos actualizar OS X con brevedad. (Se incluye a su vez la eliminación del sistema de las variantes que han ido surgiendo del falso antivirus «Mac Defender«).

Lista de bugs corregidos;

AirPort
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  When connected to Wi-Fi, an attacker on the same network may
be able to cause a system reset
Description:  An out of bounds memory read issue existed in the
handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the
same network may be able to cause a system reset. This issue does not
affect Mac OS X v10.6
CVE-ID
CVE-2011-0196

App Store
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  The user’s AppleID password may be logged to a local file
Description:  In certain circumstances, App Store may log the user’s
AppleID password to a file that is not readable by other users on the
system. This issue is addressed through improved handling of
credentials.
CVE-ID
CVE-2011-0197 : Paul Nelson

ATS
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description:  A heap buffer overflow issue existed in the handling of
TrueType fonts. Viewing or downloading a document containing a
maliciously crafted embedded font may lead to arbitrary code
execution.
CVE-ID
CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat
Security Response Team

Certificate Trust Policy
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  An error handling issue existed in the Certificate
Trust Policy. If an Extended Validation (EV) certificate has no OCSP
URL, and CRL checking is enabled, the CRL will not be checked and a
revoked certificate may be accepted as valid. This issue is mitigated
as most EV certificates specify an OCSP URL.
CVE-ID
CVE-2011-0199 : Chris Hawk and Wan-Teh Chang of Google

ColorSync
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description:  An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. Opening a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint’s Zero Day
Initiative

CoreFoundation
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Applications that use the CoreFoundation framework may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description:  An off-by-one buffer overflow issue existed in the
handling of CFStrings. Applications that use the CoreFoundation
framework may be vulnerable to an unexpected application termination
or arbitrary code execution.
CVE-ID
CVE-2011-0201 : Harry Sintonen

CoreGraphics
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow issue existed in the handling of
Type 1 fonts. Viewing or downloading a document containing a
maliciously crafted embedded font may lead to arbitrary code
execution.
CVE-ID
CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert
of the Google Security Team

FTP Server
Available for:  Mac OS X Server v10.6 through v10.6.7
Impact:  A person with FTP access may list files on the system
Description:  A path validation issue existed in xftpd. A person with
FTP access may perform a recursive directory listing starting from
the root, including directories that are not shared for FTP. The
listing will eventually include any file that would be accessible to
the FTP user. The contents of files are not disclosed. This issue is
addressed through improved path validation. This issue only affects
Mac OS X Server systems.
CVE-ID
CVE-2011-0203 : team karlkani

ImageIO
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in ImageIO’s handling of
TIFF images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0204 : Dominic Chell of NGS Secure

ImageIO
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow issue existed in ImageIO’s
handling of JPEG2000 images. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-0205 : Harry Sintonen

International Components for Unicode
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description:  A buffer overflow issue existed in ICU’s handling of
uppercase strings. Applications that use ICU may be vulnerable to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0206 : David Bienvenu of Mozilla

Kernel
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  A local user may be able to cause a system reset
Description:  A null dereference issue existed in the handling of
IPV6 socket options. A local user may be able to cause a system
reset.
CVE-ID
CVE-2011-1132 : Thomas Clement of Intego

Libsystem
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Applications which use the glob(3) API may be vulnerable to
a denial of service
Description:  Applications which use the glob(3) API may be
vulnerable to a denial of service. If the glob pattern comes from
untrusted input, the application may hang or use excessive CPU
resources. This issue is addressed through improved validation of
glob patterns.
CVE-ID
CVE-2010-2632 : Maksymilian Arciemowicz

libxslt
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of addresses on the heap
Description:  libxslt’s implementation of the generate-id() XPath
function disclosed the address of a heap buffer. Visiting a
maliciously crafted website may lead to the disclosure of addresses
on the heap. This issue is addressed by generating an ID based on the
difference between the addresses of two heap buffers.
CVE-ID
CVE-2011-0195 : Chris Evans of the Google Chrome Security Team

MobileMe
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  An attacker with a privileged network position may read a
user’s MobileMe email aliases
Description:  When communicating with MobileMe to determine a user’s
email aliases, Mail will make requests over HTTP. As a result, an
attacker with a privileged network position may read a user’s
MobileMe email aliases. This issue is addressed by using SSL to
access the user’s email aliases.
CVE-ID
CVE-2011-0207 : Aaron Sigel of vtty.com

MySQL
Available for:  Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.7
Impact:  Multiple vulnerabilities in MySQL 5.0.91
Description:  MySQL is updated to version 5.0.92 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. MySQL is only provided with Mac OS X Server systems.
Further information is available via the MySQL web site at
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CVE-ID
CVE-2010-3677
CVE-2010-3682
CVE-2010-3833
CVE-2010-3834
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838

OpenSSL
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Multiple vulnerabilities in OpenSSL
Description:  Multiple vulnerabilities existed in OpenSSL, the most
serious of which may lead to arbitrary code execution. These issues
are addressed by updating OpenSSL to version 0.9.8r.
CVE-ID
CVE-2009-3245
CVE-2010-0740
CVE-2010-3864
CVE-2010-4180
CVE-2011-0014

patch
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  Running patch on a maliciously crafted patch file may cause
arbitrary files to be created or overwritten
Description:  A directory traversal issue existed in GNU patch.
Running patch on a maliciously crafted patch file may cause arbitrary
files to be created or overwritten. This issue is addressed through
improved validation of patch files.
CVE-ID
CVE-2010-4651

QuickLook
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description:  A memory corruption issue existed in QuickLook’s
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may lead to an unexpected application
termination or arbitrary code execution. This issue does not affect
systems prior to Mac OS X v10.6.
CVE-ID
CVE-2011-0208 : Tobias Klein working with iDefense VCP

QuickTime
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted WAV file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in QuickTime’s handling of
RIFF WAV files. Viewing a maliciously crafted WAV file may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0209 : Luigi Auriemma working with TippingPoint’s Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in QuickTime’s
handling of sample tables in QuickTime movie files. Viewing a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution.
CVE-ID
CVE-2011-0210 : Honggang Ren of Fortinet’s FortiGuard Labs

QuickTime
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in QuickTime’s handling of
movie files. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0211 : Luigi Auriemma working with TippingPoint’s Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime’s handling of
PICT images. Viewing a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3790 : Subreption LLC working with TippingPoint’s Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.6 through v10.6.7,
Mac OS X Server v10.6 through v10.6.7
Impact:  Viewing a maliciously crafted JPEG file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime’s handling of
JPEG files. Viewing a maliciously crafted JPEG file may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0213 : Luigi Auriemma working with iDefense

Samba
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  If SMB file sharing is enabled, a remote attacker may cause
a denial of service or arbitrary code execution
Description:  A stack buffer overflow existed in Samba’s handling of
Windows Security IDs. If SMB file sharing is enabled, a remote
attacker may cause a denial of service or arbitrary code execution.
For Mac OS X v10.6 systems, this issue is addressed in Mac OS X
10.6.7.
CVE-ID
CVE-2010-3069

Samba
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  If SMB file sharing is enabled, a remote attacker may cause
a denial of service or arbitrary code execution
Description:  A memory corruption issue existed in Samba’s handling
of file descriptors. If SMB file sharing is enabled, a remote
attacker may cause a denial of service or arbitrary code execution.
CVE-ID
CVE-2011-0719 : Volker Lendecke of SerNet

servermgrd
Available for:  Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.7
Impact:  A remote attacker may be able to read arbitrary files from
the system
Description:  An XML External Entity issue exists in servermgrd’s
handling of XML-RPC requests. This issue is addressed by removing
servermgrd’s XML-RPC interface. This issue only affects Mac OS X
Server systems.
CVE-ID
CVE-2011-0212 : Apple

subversion
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
Impact:  If an http based Subversion server is configured, a remote
attacker may be able to cause a denial of service
Description:  A null dereference issue existed in Subversion’s
handling of lock tokens sent over HTTP. If an http based Subversion
server is configured, a remote attacker may be able to cause a denial
of service. For Mac OS X v10.6 systems, Subversion is updated to
version 1.6.6. For Mac OS X v10.5.8 systems, the issue is addressed
through additional validation of lock tokens. Further information is
available via the Subversion web site at
http://subversion.tigris.org/
CVE-ID
CVE-2011-0715

Mac OS X v10.6.8 and Security Update 2011-004 may be obtained from
the Software Update pane in System Preferences, or Apple’s Software
Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2011-004 or Mac OS X v10.6.8.

For Mac OS X v10.6.7
The download file is named: MacOSXUpd10.6.8.dmg
Its SHA-1 digest is: fee3d708be1cef09185eb9f6bfad18

84efb3f0fc

For Mac OS X v10.6 – v10.6.6
The download file is named: MacOSXUpdCombo10.6.8.dmg
Its SHA-1 digest is: 7e22a53b62bf16f44fbba4042606af91888335cf

For Mac OS X Server v10.6.7
The download file is named: MacOSXServerUpd10.6.8.dmg
Its SHA-1 digest is: 34e8d742635d11fe483b2ca63cbd2df4fe6bd42a

For Mac OS X Server v10.6 – v10.6.6
The download file is named: MacOSXServerUpdCombo10.6.8.dmg
Its SHA-1 digest is: 123bebedc91e9483c7e44e671bf27fda34821b1f

For Mac OS X v10.5.8
The download file is named: SecUpd2011-004.dmg
Its SHA-1 digest is: 2d8967d783c08c4d7904c0138f5ea6fb0056a2f0

For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2011-004.dmg
Its SHA-1 digest is: 9fe192900feb5808307aa0329f1d0df430f536f6

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222