Apple has released Security Update patches for Mac OS X 10.3.9 and 10.4.2 Client and Server systems.
The patches are described as: “Delivering a number of security enhancements”, and are “recommended for all Mac users”, Apple said.
Specific improvements have been made in: BlueTooth, CoreFoundation, cups, Directory Services, HIToolBox, Kerberos, loginwindow, Mail, OpenSSL, QuartzComposerScreenSaver, Security Interface, Safari, X11 and zlib.
The latest security update fixes several issues with AppKit, including a buffer overflow in the handling of maliciously crafted rich text files that could lead to arbitrary code execution. The update prevents the buffer overflow from occurring.
Beating the buffer overflows
A similar buffer overflow was fixed that affects applications such as TextEdit that use AppKit to open Microsoft Word documents. Apple noted that Microsoft Word for Mac OS X is not vulnerable.
A buffer overflow in Directory Services that handles authentication could lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring. Another Directory Services vulnerability focused on several security flaws with the privileged tool dsidentity. The flaw could allow non-administrative users to add or remove identity user accounts in Directory Services. dsidentity and its documentation have been removed as of this update.
Kerberos has been updated to version 5.5.1, which fixes multiple buffer overflow vulnerabilities that could result in denial of service or remote compromise of a KDC.
The loginwindow in Mac OS X 10.4.2 has been updated fixing a flaw in the handling of Fast User Switching that can allow a local user who knows the password for two accounts to log into a third account without knowing the password.
In some circumstances Apple’s Mail application would attempt to load remote images even if a user’s preferences disallow it. This privacy issue has been fixed with the security update.
Multiple vulnerabilities with MySQL in Mac OS X 10.3.9 were fixed that would allow arbitrary code execution by remote authenticated users. This issue did not affect users of Mac OS X 10.4.
Two issues with Safari were fixed including a flaw that could allow arbitrary command execution by clicking on a link in a maliciously crafted rich text file in Safari. In previous versions, Safari would render rich text content, allowing URLs to be called directly, effectively bypassing normal browser security checks.
The other update to Safari addressed an issue that could send information submitted in a form to the wrong Web site. When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly.
More information and download links are available from Apple’s Website.