Apple has released a Mac OS X security update affecting a wide range of components, some coming with critical ratings.
Among those elements affected are: AppKit, BlueTooth, CoreFoundation, cups, Directory Services, HIToolBox, Kerberos, loginwindow, Mail, OpenSSL, QuartzComposerScreenSaver, Security Interface, Safari, X11 and zlib.
Apache 2 has been updated for Mac OS X Server 10.3.9 fixing a buffer overflow issue in the htdigest program. The vulnerability could be used in a CGI application to manage user access controls to a web server. A similar issue in Apache 1.3 was fixed with Security Update 2005-005.
The latest security update fixes several issues with AppKit, including a buffer overflow in the handling of maliciously crafted rich text files that could lead to arbitrary code execution. The update prevents the buffer overflow from occurring.
A similar buffer overflow was fixed that affects applications such as TextEdit that use AppKit to open Microsoft Word documents. Apple noted that Microsoft Word for Mac OS X is not vulnerable.
A buffer overflow in Directory Services that handles authentication could lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring. Another Directory Services vulnerability focused on several security flaws with the privileged tool dsidentity. The flaw could allow non-administrative users to add or remove identity user accounts in Directory Services. dsidentity and its documentation have been removed as of this update.
Kerberos has been updated to version 5.5.1, which fixes multiple buffer overflow vulnerabilities that could result in denial of service or remote compromise of a KDC.
The loginwindow in Mac OS X 10.4.2 has been updated fixing a flaw in the handling of Fast User Switching that can allow a local user who knows the password for two accounts to log into a third account without knowing the password.
In some circumstances Apple’s Mail application would attempt to load remote images even if a user’s preferences disallow it. This privacy issue has been fixed with the security update.
Multiple vulnerabilities with MySQL in Mac OS X 10.3.9 were fixed that would allow arbitrary code execution by remote authenticated users. This issue did not affect users of Mac OS X 10.4.
Two issues with Safari were fixed including a flaw that could allow arbitrary command execution by clicking on a link in a maliciously crafted rich text file in Safari. In previous versions, Safari would render rich text content, allowing URLs to be called directly, effectively bypassing normal browser security checks.
The other update to Safari addressed an issue that could send information submitted in a form to the wrong website. When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly.