Latest Mac OS X security update addresses 26 vulnerabilities

By Scott M. Fulton, III | Published September 16, 2008, 1:10 PM

With greater market share comes greater responsibility; and now the maker of the operating system that analysts believe put Apple back among the US' top five PC producers finds itself busy addressing some very old-style security holes.

An issue with null pointer dereferencing is among 26 security holes addressed by Apple in its latest Mac OS X 10.5.5 update package, and the details of that little problem are being revealed just today. Usually programs that are terminated clean up after themselves, but if you can find a way to terminate a program cold, it leaves behind pointers to memory that can be abused by malicious users.

The latest case in point, according to reports from both Apple and the French security team FrSIRT this morning, involves the Mac's single most prominent program, Finder -- the user's principal tool for locating and managing files.

As Yuxuan Wang, a researcher with Chinese search engine provider Sogou, is credited with having discovered, a malicious user who gains access to the local network (albeit by other clandestine means) can conceivably terminate Finder in mid-process. If Finder happens to be looking for a remote disk volume during that time, it can leave a null memory pointer active -- or in programmers' terms, not dereferenced.

Typically, when a memory pointer points to "null," that's a meaningful thing. It means there's nothing there, and a routine can test for the null-ness of a pointer to determine what to do next. Unless and until Finder finds that remote disk, this particular pointer may remain null. And that's a problem, because if a malicious user knows the address of that pointer, he can potentially use that address to fill that space with arbitrary code. Or, in this less-than-worst-case scenario, he can simply cause the system to be destabilized for a denial-of-service attack.

Also among the 26 vulnerabilities addressed is one discovered by veteran researchers at Oak Ridge National Laboratory. It impacts the system kernel, and deals specifically with a different part of system cleanup.

Files being referenced in memory have "handles" that essentially include the entire dossier of what processes or accounts are being used to access the file, pointers to the file itself, and the credentials of the active user(s) of that file. In the Mac OS (among others), those handles are called vnodes. Oak Ridge researchers learned that, when some programs that utilize files are cleared from memory, they may leave some vnodes behind intact -- and along with them, copies of cached and validated credentials. If a malicious user knew where to look, she could commandeer an existing validation.
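The cleanup gap described above can be modeled in a few lines of C. This is an added illustration, not Apple's or XNU's code: the handle table, field names and functions are all hypothetical, and it only contrasts a release that leaves a cached validation behind with one that scrubs it, plus an audit that counts leftovers.

```c
#include <string.h>

/* Toy model (hypothetical, not kernel code): a file handle that
 * caches the result of a credential check, as the article describes. */
#define MAX_HANDLES 4

struct handle {
    int  in_use;         /* slot currently owned by a process */
    int  owner_pid;      /* process that opened the file */
    int  cred_valid;     /* 1 if a credential check already passed */
    char cred_user[16];  /* user the cached check was made for */
};

static struct handle table[MAX_HANDLES];

/* Open: validate once and cache the result on the handle. */
int handle_open(int pid, const char *user) {
    for (int i = 0; i < MAX_HANDLES; i++) {
        if (table[i].in_use) continue;
        table[i].in_use = 1;
        table[i].owner_pid = pid;
        table[i].cred_valid = 1;
        strncpy(table[i].cred_user, user, sizeof table[i].cred_user - 1);
        table[i].cred_user[sizeof table[i].cred_user - 1] = '\0';
        return i;
    }
    return -1; /* table full */
}

/* Incomplete cleanup: frees the slot but leaves the cached credential. */
void handle_release_leaky(int h) {
    if (h >= 0 && h < MAX_HANDLES) table[h].in_use = 0;
}

/* Complete cleanup: the cached validation is destroyed with the handle. */
void handle_release_scrubbed(int h) {
    if (h >= 0 && h < MAX_HANDLES) memset(&table[h], 0, sizeof table[h]);
}

/* Audit: free slots that still carry a validated credential. */
int count_stale_credentials(void) {
    int n = 0;
    for (int i = 0; i < MAX_HANDLES; i++)
        if (!table[i].in_use && table[i].cred_valid) n++;
    return n;
}

int main(void) {
    handle_release_leaky(handle_open(100, "alice"));   /* constructed sample */
    return count_stale_credentials() == 1 ? 0 : 1;
}
```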

How old is this issue? With respect to computing systems in general and not just Macintosh, academia and laboratories have been concerned with the possibility of unauthorized processes hacking cached credentials since at least 1991, when a University of Michigan research team (PDF available here) first wrote a treatise describing how remote users could hijack their remote file systems.

Comments

Mac OS X is still the most secure OS by far. Not to mention the most advanced, feature rich and complete experience of any platform right out of the box. :)

End of story. Have a great day.

Score: 0

|

Funny how several sources have already stated just the opposite of your opinion.

Score: 0

|

Suck my dick, you fucking bastard.

Score: 0

|

Apple, please put the finishing touches on OSx XI 10.6, since FreeBSD has been out for some time now.

Score: 0

|

...what?

Score: 0

|

Don't wait for him to try to make any sense of that...

It's comical to watch abject idiots post about that which they have absolutely no clue...

Score: 0

|

Tell me about it. [smiles]

Score: 0

|

just wait 'till internetworld7 comes around

Score: 0

|

Yawn...

But not to worry - the same MS fanboys who KNOW security holes will no doubt marvel that a platform can conceivably be more fundamentally secure than their screen door submarine.

Score: 0

|

Speaking of fanboys..... [whistling] It's easier to be secure when hardly anyone uses it.

BTW, I'm for Linux..... [smiles]

Score: 0

|

LOL! So you say I am an OSX fanboy, and Tool says I am an AIX fanboy...

The fact is that I will use whatever is most appropriate and allows me to do the most. Even Windows - although except for games, it is by far the least robust, the most insecure, and the easiest to corrupt just through normal (proper) operation of any environment I have ever encountered. And it falls far short of the claims of so many compared to alternative environments.

And ironically, OSX has the largest installed user base of ANY UNIX...so your 'hardly anyone uses it' is laughable, not to mention the historical code base upon which it is predicated...yup, that UNIX stuff sure is obtuse...

Especially considering the lengths some will go to to use the mini UNIX-like Linux where so many have gone to so much trouble to modify a ubiquitous file structure so as to look like Windows just so all of the Windows folks can stare and say "what?"...

...so much for innovation.

And after all is said and done and you have Linux installed, you have a relatively robust small-midrange server as you sit out in left field without applications and the inability to talk natively with Windows....

No wonder you're laughing. It's either that or cry. But all's not lost - look, you have your choice of desktops! LOL!

Score: 0

|

And choice is the most important thing of all.

My original comment about MacOS was because of the attitude of many of those who will play up it as if it were absolutely perfect with no faults at all. Did you know that the Mac is also known as the Crashentosh? [smiles]

Score: 0

|

Did you also know that Linux like Opera still has less than a 1% desktop market share? And you claim hardly anyone uses a Mac? [smiles]

Score: 0

|

Security vulnerabilities in Mac OS!!!!!! Say it isn't so.... [smiles]

Score: 0

|
