The megapatch covers holes that put Mac users at risk of code execution, denial-of-service and information disclosure attacks.

The Mac OS X security train pulled into the patching station Feb. 11 with
fixes for a total of 10 vulnerabilities, including one that was first disclosed
more than a year ago during the Month of Apple Bugs project.
The megapatch—available
for both Tiger and Leopard users—covers holes that put Mac users at risk of
code execution, denial-of-service and information disclosure attacks. Eight of
the 10 vulnerabilities affect Mac OS X 10.5.2.
According to a security bulletin accompanying the patches, one of the patches
covers a
security hole disclosed more than 11 months ago during the controversial MOAB
project, in which hackers released daily alerts for flaws in the Mac ecosystem.
The bug, described as a stack buffer
overflow, exists in the SLP (Service Location Protocol) daemon, and can
be exploited to execute arbitrary code with system privileges.
The patch batch also covers a serious flaw in the way the Safari browser
handles certain URLs. "Accessing a maliciously crafted URL may lead to an
application termination or arbitrary code execution," Apple warned,
chalking it up to a memory corruption issue. The vulnerability does not affect
systems prior to Mac OS X v10.5.
The Launch Services API, which is used to
open applications or their document files or URLs in a way similar to the
Finder or the Dock, is also being patched, in order to correct a bug that
causes an application to be launched via Time Machine backup even after it's
removed from the system.
The Mac OS X Mail client is also being patched to fix an implementation issue
in Mail's handling of "file://" URLs. "[This could] allow
arbitrary applications to be launched without warning when a user clicks a URL
in a message," Apple warned.
The Security Update also covers a gaping hole in Samba
that could lead to an
unexpected application termination or arbitrary code execution. The issue is a
stack buffer overflow in Samba when processing certain NetBIOS Name Service
requests.
"If a system is explicitly configured to allow 'domain log-ons,' an
unexpected application termination or arbitrary code execution could occur when
processing a request. Mac OS X Server systems configured as domain controllers
are also affected," Apple said.
A separate patch also covers a Terminal hole that could allow code execution
attacks from simply viewing a booby-trapped Web page. Apple described the issue
as an input validation error in the processing of URL schemes handled by
Terminal.app.
Apple also patched a remote code execution issue in the way NFS
(Network File System) handled mbuf chains; a pair of X11 vulnerabilities that
introduce arbitrary code execution risks; and an information disclosure bug in
Parental Controls.