Archive for the 'Updates' Category

VisualHub 1.24 released

Thursday, June 21st, 2007


The latest version of VisualHub has been released, and there is now support for a high-resolution format for widescreen video on iPod, iPhone, AppleTV, Mac, Win, Linux, PS3 and Xbox360!
Other enhancements: 

  • Full support for 8-core Mac Pros.
  • Support for PSP firmware 3.30 and up. Full resolution 480×272 video is now possible!
  • Raw FLV files are now created with appropriate metadata.
  • Up to 100% speedup when converting to DV on Intel Macs!
  • The Apple TV preset will now create full 720p video from PAL HD sources.
  • Tweaks to Apple TV and iPod bitrate presets and rate control.
  • Xgrid conversions no longer have the potential to create huge log files.
  • Two Pass conversions can now be cancelled during the first pass.
  • When creating streaming MP4 files, a lower distance between keyframes is now used.


Mac OS X 10.4.10 Update (delta)

Thursday, June 21st, 2007

Apple has released what is probably the final update to OS X 10.4. The following issues are addressed:

Bluetooth

Addresses an issue in which a Bluetooth headset may show up as an available device for sound output in the Sound preference pane after it had been removed from Bluetooth preferences.

Third-party

  • Adds RAW image decoding support for the following cameras: Panasonic DMC-LX1, Panasonic DMC-LX2, Leica M8, Leica D-LUX 2, Leica D-LUX 3, Fuji S5 Pro, Nikon D40x, and Canon EOS 1D Mk III.
  • Resolves an issue in which some DNG images may appear tinted or distorted.
  • Improves compatibility of Mathematica 6 with 64-bit Macs.

USB

  • Improves reliability when using the IR remote control after waking from sleep.
  • Improves reliability when mounting external USB hard drives.
  • Resolves an issue in which a TomTom GO 910 may not be recognized when connected via USB to an Intel-based Mac.

Other

  • Improves responsiveness when using the Control-Eject key combination to display a shutdown dialog.
  • Addresses a specific issue in which users importing video from a DV camera may experience dropped frames.
  • Includes recent Apple security updates.
  • Addresses issues with calendar calculations in certain applications.
  • Addresses issues when rounding decimal numbers for display in certain applications.
  • For Motion, addresses an issue in which some texture corruption could appear in Motion if VRAM is full.

Apparently Yahoo!Sync is also added in this update, according to TUAW.

I have installed the update with no problems - the update required a restart of the machine. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads or via your Software Update.

This is a 72-293 MB download for Intel Macs (depending on your current version)

iTunes 7.2 and iTunes Plus (DRM Free) launched

Wednesday, May 30th, 2007

With iTunes 7.2, preview and purchase iTunes Plus music—new higher-quality, DRM-free music downloads from participating music labels.

The iTunes Store also offers songs without DRM protection, from participating record labels. These DRM-free songs, called “iTunes Plus,” have no usage restrictions and feature higher-quality encoding.

The first time you buy an iTunes Plus song, you specify whether to make all future purchases iTunes Plus versions (when available). You can change this setting by accessing your account information on the iTunes Store.

If you already have iTunes Store purchases that are now available as iTunes Plus downloads, you may upgrade your existing purchases. To do so, visit the iTunes Store and follow the onscreen instructions.

I have installed the update with no problems. As usual it is a good idea to repair permissions before and after the update.

Security Update QuickTime 7.1.6

Wednesday, May 30th, 2007

Apple has released Security Update QuickTime 7.1.6. This update is recommended for all users and improves the security of QuickTime by addressing the following issues:

QuickTime

CVE-ID: CVE-2007-2388

Available for: QuickTime 7.1.6 for Mac OS X and Windows

Impact: Visiting a malicious website may lead to arbitrary code execution

Description: An implementation issue exists in QuickTime for Java, which may allow instantiation or manipulation of objects outside the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of Java applets. Credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force, and Dyon Balding of Secunia Research for reporting this issue.

QuickTime

CVE-ID: CVE-2007-2389

Available for: QuickTime 7.1.6 for Mac OS X and Windows

Impact: Visiting a malicious website may lead to the disclosure of sensitive information

Description: A design issue exists in QuickTime for Java, which may allow a web browser’s memory to be read by a Java applet. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information. This update addresses the issue by clearing memory before allowing it to be used by untrusted Java applets.

I have installed the update with no problems - the update does not require a restart of the machine. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads.
This is a 1.4 MB download

Security Update 2007-005

Friday, May 25th, 2007

Apple has released Security Update 2007-005 which includes the contents of Security Update 2007-004, plus the following fixes:

Alias Manager

CVE-ID: CVE-2007-0740

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Users may be misled into opening a substituted file

Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue.

BIND

CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/

CoreGraphics

CVE-ID: CVE-2007-0750

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.

crontabs

CVE-ID: CVE-2007-0751

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: The daily /tmp cleanup script may lead to a denial of service

Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.

fetchmail

CVE-ID: CVE-2007-1558

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: fetchmail password disclosure may be possible

Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

file

CVE-ID: CVE-2007-1536

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of files that are passed to the file command.

iChat

CVE-ID: CVE-2007-2390

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.

mDNSResponder

CVE-ID: CVE-2007-2386

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.

PPP

CVE-ID: CVE-2007-0752

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue through validation of user privileges. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue.

ruby

CVE-ID: CVE-2006-5467, CVE-2006-6303

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Denial of service vulnerabilities in the Ruby CGI library

Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.

screen

CVE-ID: CVE-2006-4573

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Multiple denial of service vulnerabilities in GNU Screen

Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html

texinfo

CVE-ID: CVE-2005-3011

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.

VPN

CVE-ID: CVE-2007-0753

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.

I have installed the update with no problems - the update required a restart of the machine. As usual it is a good idea to repair permissions before and after the update. Please note Security Update 2007-004 has been incorporated into this security update.

Get it from Apple Support Downloads.
This is a 29.2 MB download

QuickTime 7.1.6

Wednesday, May 2nd, 2007

QuickTime 7.1.6 delivers numerous bug fixes, addresses a critical security issue with QuickTime for Java and includes support for:

  • Final Cut Studio 2
  • Timecode and closed captioning display in QuickTime Player

QuickTime

CVE-ID: CVE-2007-2175

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9, Windows XP SP2, Windows 2000 SP4

Impact: Visiting a malicious website may lead to arbitrary code execution

Description: An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue.

This update is recommended for all QuickTime 7 users.

I have installed the update with no problems - the update required a restart of the machine. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads.
This is a 43.6 MB download

Security Update 2007-004 v1.1

Wednesday, May 2nd, 2007

Apple has released Security Update 2007-004 v1.1 which includes the contents of Security Update 2007-004, plus the following fixes:

AirPort

Available for: Mac OS X v10.3.9

This update corrects an issue where the AirPort connection may be lost after waking from sleep. This issue only affects Mac OS X v10.3.9 with Security Update 2007-004.

FTPServer

CVE-ID: CVE-2007-0745

Available for: Mac OS X Server v10.4.9

Impact: Users with ftp access may be able to navigate to directories outside the normal scope

Description: Security Update 2007-004 applied an incorrect ftp configuration file for Mac OS X Server v10.4.9 systems. Users with ftp access, who would normally be restricted to certain directories, may be able to access directories outside the normal scope. This update addresses the issue by restoring the correct version of the ftp configuration file. This issue only affects Mac OS X Server v10.4.9 with Security Update 2007-004.

Security Update 2007-004 is recommended for all users and improves the security of the following components:

  • AFP Client
  • AirPort
  • CarbonCore
  • diskdev_cmds
  • fetchmail
  • ftpd
  • gnutar
  • Help Viewer
  • HID Family
  • Installer
  • Kerberos
  • Libinfo
  • Login Window
  • network_cmds
  • SMB
  • System Configuration
  • URLMount
  • Video Conference
  • WebDAV

I have installed the update with no problems - the update required a restart of the machine. When you restart it does take a bit of time - and the machine may restart itself a second time before it starts up again after the update. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads or via your Software Update.

This is a 37.6 MB download

AirPort Extreme Update 2007-003

Wednesday, May 2nd, 2007

Apple has released a compatibility update for third-party access points configured to use Wi-Fi Protected Access (WPA) or WPA2 security protocols.

This update is recommended for all Intel-based Macintosh computers. System requirements to apply the patch include Mac OS X v10.4.8, an Intel-based Mac and AirPort Extreme Update 2007-002.

I have installed the update with no problems - the update required a restart of the machine. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads or via your Software Update.

This is a 3 MB download

Security Update 2007-004

Friday, April 20th, 2007

Apple has released a comprehensive security update addressing a series of vulnerabilities mainly on a local user level - but also patching a few remote issues.

Also, this update fixes two previously unresolved MOABs (MOAB-30-01-2007 and MOAB-26-01-2007).

I maintain a status of the issues reported during the “Month of Apple Bugs” - please let me know if I have missed something.

AFP Client

CVE-ID: CVE-2007-0729

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: Under certain circumstances, AFP Client may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

AirPort

CVE-ID: CVE-2007-0725

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may be able to execute arbitrary code with elevated privileges

Description: A buffer overflow vulnerability exists in the AirPortDriver module which processes control commands for AirPort. By sending malformed control commands, a local user could trigger the overflow which may lead to arbitrary code execution with elevated privileges. This issue affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems equipped with an original AirPort card. This issue does not affect systems with the AirPort Extreme card. This update addresses the issue by performing proper bounds checking.

CarbonCore

CVE-ID: CVE-2007-0732

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may be able to execute arbitrary code with elevated privileges

Description: The CoreServices daemon could allow a local user to obtain a send right to its Mach task port, which may lead to arbitrary code execution with elevated privileges. This update addresses the issue through improved checks in the CoreServices interprocess communication. This issue does not affect systems prior to Mac OS X v10.4.

diskdev_cmds

CVE-ID: CVE-2007-0734

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Opening a maliciously-crafted UFS disk image may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption vulnerability exists in fsck. It is possible to cause fsck to be run automatically on a disk image when it is opened. By enticing a user to open a maliciously-crafted disk image, or to run fsck on any maliciously-crafted UFS filesystem, an attacker could trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of UFS filesystems.

fetchmail

CVE-ID: CVE-2006-5867

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: fetchmail may send passwords in plain text, even when configured to use TLS

Description: fetchmail is updated to version 6.3.6 to fix a vulnerability that could allow authentication credentials to be sent in plain text, despite being configured to use TLS. This issue is described on the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt

ftpd

CVE-ID: CVE-2006-6652

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9

Impact: FTP operations by authenticated FTP users may lead to arbitrary code execution

Description: lukemftpd has been updated to version tnftpd 20061217 to address a buffer overflow vulnerability in the handling of commands with globbing characters that could lead to arbitrary code execution. This issue does not affect Mac OS X Server v10.3.9 or Mac OS X Server v10.4.9. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

GNU Tar

CVE-ID: CVE-2006-0300

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Listing or extracting a maliciously-crafted tar archive may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow vulnerability exists in the handling of PAX extended headers in GNU tar archives. By enticing a local user to list or extract a maliciously-crafted tar archive, an attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by performing additional validation of tar files. This issue does not affect systems prior to Mac OS X 10.4.

Help Viewer

CVE-ID: CVE-2007-0646

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Opening a help file with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

Description: A format string vulnerability exists in the Help Viewer application. By enticing a user to download and open a help file with a maliciously-crafted name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-30-01-2007). This update addresses the issue by eliminating any format string processing of file names.

HID Family

CVE-ID: CVE-2007-0724

Available for: Mac OS X v10.4 through Mac OS X v10.4.9, Mac OS X Server v10.4 through Mac OS X Server v10.4.9

Impact: Console keyboard events are exposed to other users on the local system

Description: Insufficient controls in the IOKit HID interface allow any logged in user to capture console keystrokes, including passwords and other sensitive information. This update addresses the issue by limiting HID device events to processes belonging to the current console user. Credit to Andrew Garber of University of Victoria, Alex Harper, and Michael Evans for reporting this issue. This fix was originally distributed via the Mac OS X v10.4.9 update. However, due to a packaging issue it may not have been delivered to all systems. This update redistributes this fix in order to reach all affected systems.

Installer

CVE-ID: CVE-2007-0465

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Opening an installer package with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

Description: A format string vulnerability exists in the Installer application. By enticing a user to download and install an installer package with a maliciously-crafted file name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This issue has been described on the Month of Apple Bugs web site (MOAB-26-01-2007). This update addresses the issue by eliminating any format string processing of file names. This issue does not affect systems prior to Mac OS X v10.4.
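The fix described in the Help Viewer and Installer entries above amounts to never letting a file name reach a printf-style function as the format argument. The following is an added example, not Apple's code: `format_title` and `count_format_directives` are hypothetical names, and the file name in `main` is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable shape, shown only as a comment: the file name IS the format
 * string, so any conversion directive inside the name gets interpreted.
 *
 *     snprintf(title, sizeof title, file_name);
 */

/* Hardened shape: the format is a constant and the file name is only data.
 * Returns the title length, or -1 if the title would not fit in out. */
int format_title(char *out, size_t out_len, const char *file_name) {
    int n = snprintf(out, out_len, "Opening \"%s\"", file_name);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return n;
}

/* Triage helper: count '%' sequences in a name that a printf-style function
 * would treat as conversion directives. "%%" is a literal percent sign and a
 * trailing lone '%' has nothing to convert, so neither is counted. */
int count_format_directives(const char *s) {
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {      /* escaped percent: skip both characters */
            i++;
            continue;
        }
        if (s[i + 1] != '\0')
            count++;
    }
    return count;
}

int main(void) {
    const char *name = "notes %x%x%n.help";   /* constructed sample file name */
    char title[128];

    if (format_title(title, sizeof title, name) >= 0)
        printf("%s (directives in name: %d)\n",
               title, count_format_directives(name));
    return 0;
}
```

With the constant format string the directives in the name are copied through as ordinary characters; the counter is only useful for logging or flagging suspicious names.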

Kerberos

CVE-ID: CVE-2006-6143

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

Description: An uninitialized function pointer vulnerability exists in the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-002-rpc.txt. This issue does not affect systems prior to Mac OS X v10.4. Credit to the MIT Kerberos Team and an anonymous researcher working with iDefense for reporting this issue.

Kerberos

CVE-ID: CVE-2007-0957

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Running the Kerberos administration daemon or the KDC may lead to an unexpected application termination or arbitrary code execution with system privileges

Description: A stack buffer overflow vulnerability exists in the MIT Kerberos administration daemon (kadmind), as well as the KDC, which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt. Credit to the MIT Kerberos Team for reporting this issue.

Kerberos

CVE-ID: CVE-2007-1216

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

Description: A double-free vulnerability exists in the GSS-API library used by the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt. Credit to the MIT Kerberos Team for reporting this issue.

Libinfo

CVE-ID: CVE-2007-0735

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Visiting malicious websites may lead to an unexpected application termination or arbitrary code execution

Description: In some cases, Libinfo does not correctly report errors to applications that use it. By enticing a user to visit a maliciously-crafted web page, an attacker can cause a previously deallocated object to be accessed, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing appropriate error reporting in Libinfo. Credit to Landon Fuller of Three Rings Design for reporting this issue.

Libinfo

CVE-ID: CVE-2007-0736

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if the portmap service is enabled

Description: An integer overflow vulnerability exists in the RPC library. By sending maliciously-crafted requests to the portmap service, a remote attacker can trigger the overflow which may lead to a denial of service or arbitrary code execution as the ‘daemon’ user. This update addresses the issue by performing additional validation of portmap requests. Credit to the Mu Security Research Team for reporting this issue.

Login Window

CVE-ID: CVE-2007-0737

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: Login Window does not sufficiently check its environment variables. This could allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved validation of Login Window environment variables.

Login Window

CVE-ID: CVE-2007-0738

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: The screen saver authentication dialog may be bypassed

Description: Under certain conditions, the user’s preference to “require a password to wake the computer from sleep” is ignored, and a password is not required to wake from sleep. This update addresses the issue through improved handling of this preference.

Login Window

CVE-ID: CVE-2007-0739

Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: The loginwindow authentication dialog may be bypassed

Description: Under certain conditions, the software update window may appear beneath the Login Window. This could allow a person with physical access to the system to log in without authentication. This update addresses the issue by only running scheduled tasks after the user login. This issue does not affect systems prior to Mac OS X v10.4.

network_cmds

CVE-ID: CVE-2007-0741

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if Internet Sharing is enabled

Description: A buffer overflow vulnerability exists in the handling of RTSP packets in natd. By sending malformed RTSP packets, a remote attacker may be able to trigger the overflow which may lead to arbitrary code execution. This issue only affects users who have Internet Sharing enabled. This update addresses the issue by performing additional validation of RTSP packets.

SMB

CVE-ID: CVE-2007-0744

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: Under certain circumstances, SMB may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

System Configuration

CVE-ID: CVE-2007-0022

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Local admin users may execute arbitrary code with system privileges without authentication

Description: Admin users have the ability to alter system preferences through the writeconfig utility. When the writeconfig utility launches the launchctl utility, it does not clean the environment inherited from the user. This could allow arbitrary code execution with system privileges without authentication. This issue has been described on the Month of Apple Bugs web site (MOAB-21-01-2007). This update addresses the issue by cleaning the environment before calling the launchctl utility.

URLMount

CVE-ID: CVE-2007-0743

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain other users’ authentication credentials

Description: The username and password used to mount remote filesystems through connections to SMB servers are passed to the mount_smb command as command line arguments, which may expose them to other local users. This update addresses the issue by securely passing the authentication credentials to the mount_smb command. Credit to Daniel Ball of Pittsburgh Technical Institute, Geoff Franks of Hauptman Woodward Medical Research Institute, and Jamie Cox of Sophos Plc for reporting this issue.

VideoConference

CVE-ID: CVE-2007-0746

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: Remote attackers may be able to cause an unexpected application termination or arbitrary code execution if iChat is running.

Description: A heap buffer overflow vulnerability exists in the VideoConference framework. By sending a maliciously-crafted SIP packet when initializing an audio/video conference, an attacker can trigger the overflow which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of SIP packets.

WebDAV

CVE-ID: CVE-2007-0747

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: When mounting a WebDAV filesystem, the load_webdav program may be launched without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.
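The AFP Client, SMB, System Configuration and WebDAV entries above all share one fix: clean the environment before a privileged program executes a helper. The following is an added example of that pattern, not Apple's code: the function names, the allow-list and the fixed PATH value are assumptions, and the hostile environment in `main` is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Set by the privileged program itself, never copied from the caller. */
static const char *const FIXED_VARS[] = {
    "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
    "IFS= \t\n",
};
/* The only caller-supplied variables the helper may inherit (illustrative). */
static const char *const ALLOWED_VARS[] = { "LANG", "LC_ALL", "TERM" };

#define N_FIXED   (sizeof FIXED_VARS / sizeof FIXED_VARS[0])
#define N_ALLOWED (sizeof ALLOWED_VARS / sizeof ALLOWED_VARS[0])

/* Index of an allow-listed variable name, or -1 if the name is not listed. */
static int allowed_index(const char *name, size_t len) {
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strlen(ALLOWED_VARS[i]) == len &&
            strncmp(name, ALLOWED_VARS[i], len) == 0)
            return (int)i;
    return -1;
}

/* Accept only short values made of [A-Za-z0-9._@-]. */
static int value_is_sane(const char *v) {
    size_t n = strlen(v);
    if (n == 0 || n > 64)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)v[i]) && strchr("._@-", v[i]) == NULL)
            return 0;
    return 1;
}

/* Build a NULL-terminated environment from scratch: fixed entries first, then
 * the first occurrence of each allow-listed variable if its value is sane.
 * Entries point into inherited[]; the caller frees only the returned array. */
char **build_clean_env(char *const inherited[]) {
    char **out = calloc(N_FIXED + N_ALLOWED + 1, sizeof *out);
    int seen[N_ALLOWED] = {0};
    size_t n = 0;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < N_FIXED; i++)
        out[n++] = (char *)FIXED_VARS[i];
    for (size_t i = 0; inherited != NULL && inherited[i] != NULL; i++) {
        const char *eq = strchr(inherited[i], '=');
        if (eq == NULL || eq == inherited[i])
            continue;                          /* malformed entry */
        int idx = allowed_index(inherited[i], (size_t)(eq - inherited[i]));
        if (idx < 0 || seen[idx])
            continue;                          /* not listed, or a duplicate */
        seen[idx] = 1;                         /* first occurrence decides */
        if (value_is_sane(eq + 1))
            out[n++] = inherited[i];
    }
    out[n] = NULL;
    return out;
}

/* Value of name in env, or NULL if it is absent. */
const char *env_lookup(char *const env[], const char *name) {
    size_t len = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

/* Execute a helper with the cleaned environment; returns only on failure. */
int exec_helper_clean(const char *path, char *const argv[], char *const inherited[]) {
    char **env = build_clean_env(inherited);
    if (env == NULL)
        return -1;
    execve(path, argv, env);
    free(env);
    return -1;
}

int main(void) {
    /* Constructed sample of a caller-controlled environment. */
    char *hostile[] = { "PATH=/tmp/x:/usr/bin", "DYLD_INSERT_LIBRARIES=/tmp/x.dylib",
                        "LANG=en_US.UTF-8", NULL };
    char **env = build_clean_env(hostile);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        printf("%s\n", env[i]);
    free(env);
    return 0;
}
```

Building the environment from an allow-list, rather than deleting known-bad names from the inherited one, means a variable nobody thought of is dropped by default.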

WebFoundation

CVE-ID: CVE-2007-0742

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

Impact: Cookies set by subdomains may be accessible to the parent domain

Description: An implementation issue allows cookies set by subdomains to be accessible to the parent domain, which may lead to the disclosure of sensitive information. This update addresses the issue by performing additional validation of the domain to which a cookie is being sent. This issue does not affect systems running Mac OS X v10.4. Credit to Bradley Schwoerer of University of Wisconsin-Madison for reporting this issue.
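The WebFoundation entry turns on which hosts a stored cookie may be sent to. The following added example implements the standard cookie domain-match rule (as later written down in RFC 6265); it is not Apple's code, and `cookie_may_be_sent`, `select_cookies`, the `struct cookie` layout and the sample jar are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

struct cookie {
    const char *name;
    const char *domain;   /* Domain attribute, or the setting host if none */
    int host_only;        /* 1 if the cookie was set without a Domain attribute */
};

/* True if host is an IPv4 or IPv6 literal; such hosts never suffix-match. */
static int is_ip_literal(const char *host) {
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Decide whether a cookie stored for cookie_domain may accompany a request to
 * request_host. A cookie scoped to a subdomain is never sent to its parent:
 * the request host must equal the cookie domain or be a subdomain of it. */
int cookie_may_be_sent(const char *request_host, const char *cookie_domain,
                       int host_only) {
    if (request_host == NULL || cookie_domain == NULL)
        return 0;
    if (cookie_domain[0] == '.')      /* ".example.com" means "example.com" */
        cookie_domain++;

    size_t hlen = strlen(request_host);
    size_t dlen = strlen(cookie_domain);
    if (hlen == 0 || dlen == 0)
        return 0;
    if (strcasecmp(request_host, cookie_domain) == 0)
        return 1;                     /* identical host */
    if (host_only)
        return 0;                     /* host-only cookies need an exact match */
    if (hlen <= dlen)
        return 0;                     /* parent of the cookie domain, or unrelated */
    if (is_ip_literal(request_host))
        return 0;

    /* Suffix match on a label boundary: "badexample.com" must not match
     * "example.com". */
    const char *tail = request_host + (hlen - dlen);
    return tail[-1] == '.' && strcasecmp(tail, cookie_domain) == 0;
}

/* Copy pointers to the cookies in jar that may be sent to host into out
 * (which must have room for n entries); returns how many were selected. */
size_t select_cookies(const struct cookie *jar, size_t n, const char *host,
                      const struct cookie **out) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (cookie_may_be_sent(host, jar[i].domain, jar[i].host_only))
            out[kept++] = &jar[i];
    return kept;
}

int main(void) {
    /* Constructed sample jar. */
    const struct cookie jar[] = {
        { "site_pref", "example.com",      0 },
        { "session",   "shop.example.com", 0 },
        { "csrf",      "shop.example.com", 1 },
    };
    const struct cookie *out[3];
    size_t n = select_cookies(jar, 3, "example.com", out);
    printf("cookies sent to example.com: %zu\n", n);
    return 0;
}
```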

I have installed the update with no problems - the update required a restart of the machine. When you restart it does take a bit of time - and the machine may restart itself a second time before it starts up again after the update. As usual it is a good idea to repair permissions before and after the update.

Get it from Apple Support Downloads or via your Software Update.

This is a 37.6 MB download

10.4.9: Eject key not working?

Monday, March 19th, 2007

Apple has documented a new “feature” in the latest 10.4.9 release as follows:

After installing Mac OS X 10.4.9, pressing the Media Eject key on the Apple keyboard does not always eject media from the optical disk drive nor display the eject symbol on the screen.

Products affected

Mac OS X 10.4.9

Solution

To prevent accidentally ejecting media, Mac OS X 10.4.9 adds a slight delay to the Media Eject key before it takes effect. To eject a disc, press and hold the Media Eject key. The disc will eject normally and the screen will display the eject symbol.