Apple Mac OS X 10.6.7 is going out with a bang after Cupertino released the final security update for Snow Leopard OS and Snow Leopard server, containing a total of 28 patches that repaired a slew of vulnerabilities.
In addition, Apple also released a security-focused update for Mac OS X 10.5, or Leopard, repairing a total of 13 flaws.
The hefty Snow Leopard update, which will bring Mac up to version 10.6.8, is a prerequisite for the impending upgrade to Apple’s Lion OS in July. The final Snow Leopard update contains a myriad of compatibility, stability and security fixes in order for users to segue to the new Mac OS platform.
Altogether, the update contains an array of fixes for App Store, AirPort, Apple Type Services (ATS) Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, Kernel, MobileMe, MySQL, Libsystem, libxslt, patch, QuickLook, QuickTime, servermgrd, subversion and Samba. Many of the fixes plugged holes that enabled remote code execution and denial of service attacks.
At the forefront of the patch were enhancements to the Mac App Store “to get your Mac ready to upgrade to Mac OS X Lion,” Apple said in its update. Specifically, the update resolves an issue that causes the App Store to log the user’s AppleID password to a file that is not readable by other users on the system. The fix improves the way credentials are handled.
In addition, the update resolved an issue that caused users’ Preview to unexpectedly quit. It also fixed a null dereference issue in the handling of IPv6 socket options that could cause a local user to initiate a system reset.
In addition, Apple shipped the latest version with beefed up protections against the Mac Defender and Mac Guard scareware virueses, which ravaged the Mac OS X for tens of thousands of users in May. Included in the giant patch were five updates for Apple’s default media player QuickTime. The multiple patches repaired integer overflow and memory corruption flaws, all of which could lead to remote code execution attacks. During a successful attack, a hacker would entice a user to open a malicious movie file, WAV file or PICT image or JPEG file, usually through some kind of social engineering scheme. The user would install malware upon opening the specially crafted file, which would enable the hacker to take complete control of their system to access and steal personal or financial information.
In addition, Apple repaired an out of bounds memory read issue in AirPort, which allowed an attacker to cause a system reset when connected to the same Wi-Fi network as the user.
Apple also released two patches for ImageIO, repairing heap buffer overflow vulnerabilities in TIFF and JPEG2000 images. Both flaws enabled hackers to launch malicious attacks remotely by enticing users to open infected TIFF files or specially crafted Web sites.
Included in the patch were two fixes for Samba, the first of which repaired a stack buffer overflow glitch in Samba’s handling of Windows Security IDs that opened the door for arbitrary code execution attacks if an SMB file sharing was enabled. The second Samba patch plugged a memory corruption flaw in Samba’s handling of file descriptors that also allowed remote code execution if the SMB file sharing was enabled.
Additionally, Apple patched eight vulnerabilities in the MySQL implementation that ships with Mac OS X, the most serious of which allowed remote code execution attacks.