Apple OS X updates available

Friday, August 4, 2006

Please patch all of your Max OS X versions.  If you have them set to automatically patch, please confirm they have receiving this patch by inspecting a random sample.

http://docs.info.apple.com/article.html?artnum=304063                                                                                                                                                        

The patch clocks in at around 8.5 Mbyte (Intel) or 5.5 Mbyte (PPC) and     covers a lot of vulnerabilites. The bold ones are critical (remote code     execution): more authentication issues with AFP (the good ol' Mac file-sharing protocol), an interesting increase in the length of the Bluetooth auto-generated passkey for pairing (from six to eight characters), dynamic linker update (probably the "usual" trickery involving LD_PRELOAD which has been applied successfuly to many Unix systems in the past) gunzip file permission issues and overwriting files with the -N option, Bom decompression executing malicious code, more image viewer trouble with Canon RAW format (malicious code  (execution, again), same as above but with GIFs, same as above but with TIFFs, Safari troubles with Javascript, OpenSSH DoS attack when someone tries brute-forcing usernames (this is a regression bug since apparently it only affects 10.4 upwards),  the good ol' "telnet hands out environment variables to servers" now hitting OS X's telnet client,  Webkit giving access to de-allocated objects,                               fetchmail with lots of stuff including arbitrary code execution when downloading from a malicious POP3 server, and finally DHCP (bootpd actually) giving nice access with a  malformed query.