Friday, April 21, 2006

Mac OS X Multiple Potential Vulnerabilities

Tom Ferris has reported some potential vulnerabilities in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) An error exists in the "BOMStackPop()" function in the BOMArchiveHelper when decompressing malformed ZIP archives.

2) Some errors exists in the "KWQListIteratorImpl()", "drawText()", and "objc_msgSend_rtp()" functions in Safari when processing malformed HTML tags.

3) An error exists in the "ReadBMP()" function when processing malformed BMP images and can be exploited via e.g. Safari or the Preview application.

4) An error exists in the "CFAllocatorAllocate()" function when processing malformed GIF images and can be exploited via e.g. Safari when a user visits a malicious web site.

5) Two errors exists in the " _cg_TIFFSetField ()" and "PredictorVSetField()" functions when processing malformed TIFF images and can be exploited via e.g. the Preview, Finder, QuickTime, or Safari applications.

The vulnerabilities have been reported in version 10.4.6. Other versions may also be affected.

Solution:
Do not visit untrusted web sites, and do not open ZIP archives or images originating from untrusted sources.

Provided and/or discovered by:
Tom Ferris

Original Advisory:
Tom Ferris:
http://www.security-protocols.com/sp-x25-advisory.php
http://www.security-protocols.com/sp-x26-advisory.php
http://www.security-protocols.com/sp-x27-advisory.php
http://www.security-protocols.com/sp-x28-advisory.php
http://www.security-protocols.com/sp-x29-advisory.php
http://www.security-protocols.com/sp-x30-advisory.php

No comments:

Post a Comment