Latest Mac OS X security update addresses 26 vulnerabilities

By Scott M. Fulton, III | Published September 16, 2008, 1:10 PM

With greater market share comes greater responsibility, and now the maker of the operating system that analysts believe put Apple back among the US' top five PC producers finds itself busy addressing some very old-style security holes.

An issue with null pointer dereferencing is among 26 security holes addressed by Apple in its latest Mac OS X 10.5.5 update package, and the details of that little problem are being revealed just today. Usually programs that are terminated clean up after themselves, but if you can find a way to terminate a program cold, it leaves behind pointers to memory that can be abused by malicious users.

The latest case in point, according to reports from both Apple and the French security team FrSIRT this morning, involves the Mac's single most prominent program, Finder -- the user's principal tool for locating and managing files.

As Yuxuan Wang, a researcher with Chinese search engine provider Sogou, is credited with having discovered, a malicious user who gains access to the local network (albeit by other clandestine means) can conceivably terminate Finder in mid-process. If Finder happens to be looking for a remote disk volume during that time, it can leave a null memory pointer active -- or in programmers' terms, not dereferenced.

Typically, when a memory pointer points to "null," that's a meaningful thing. It means there's nothing there, and a routine can test for the null-ness of a pointer to determine what to do next. Unless and until Finder finds that remote disk, this particular pointer may remain null. And that's a problem, because if a malicious user knows the address of that pointer, he can potentially use that address to fill that space with arbitrary code. Or, in this less-than-worst-case scenario, he can simply cause the system to be destabilized for a denial-of-service attack.

Also among the 26 vulnerabilities addressed is one discovered by veteran researchers at Oak Ridge National Laboratory. It impacts the system kernel, and deals specifically with a different part of system cleanup.

Files being referenced in memory have "handles" that essentially include the entire dossier of what processes or accounts are being used to access the file, pointers to the file itself, and the credentials of the active user(s) of that file. In the Mac OS (among others), those handles are called vnodes. Oak Ridge researchers learned that, when some programs that utilize files are cleared from memory, they may leave some vnodes behind intact -- and along with them, copies of cached and validated credentials. If a malicious user knew where to look, she could commandeer an existing validation.
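A toy model of the stale-credential problem described above, added here as an illustration. It is not Apple's kernel code: the `toy_vnode` layout, the function names and the uids are hypothetical, and it assumes the cached authorization survives when a vnode is reused for another file.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#define NO_CRED ((uid_t)-1)        /* sentinel: nothing cached */

/* Toy vnode (hypothetical layout): a reusable in-memory file handle. */
struct toy_vnode {
    int   file_id;                 /* file this vnode currently represents */
    uid_t owner;                   /* owner of that file */
    uid_t cached_uid;              /* uid whose access check last succeeded */
};

/* Access check with a per-vnode cache; slow path: only the owner passes. */
bool toy_access(struct toy_vnode *vp, uid_t uid) {
    if (vp->cached_uid != NO_CRED && vp->cached_uid == uid)
        return true;               /* fast path trusts the cached result */
    if (uid != vp->owner)
        return false;
    vp->cached_uid = uid;
    return true;
}

/* Flawed reuse: rebinds the vnode to another file but keeps the cache. */
void toy_recycle_stale(struct toy_vnode *vp, int file_id, uid_t owner) {
    vp->file_id = file_id;
    vp->owner   = owner;
}

/* Corrected reuse: purge the cached authorization before rebinding. */
void toy_recycle_purged(struct toy_vnode *vp, int file_id, uid_t owner) {
    vp->cached_uid = NO_CRED;
    toy_recycle_stale(vp, file_id, owner);
}

/* Constructed scenario: uid 501 opens its own file 1, then the vnode is
 * reused for file 2 owned by uid 502. Returns the answer 501 now gets. */
bool access_after_recycle(bool purge) {
    struct toy_vnode v = { 1, 501, NO_CRED };
    toy_access(&v, 501);           /* legitimate access populates the cache */
    if (purge) toy_recycle_purged(&v, 2, 502);
    else       toy_recycle_stale(&v, 2, 502);
    return toy_access(&v, 501);
}

int main(void) {
    printf("stale cache kept: uid 501 allowed = %d\n", access_after_recycle(false));
    printf("cache purged:     uid 501 allowed = %d\n", access_after_recycle(true));
    return 0;
}
```

The design point is that a cached authorization decision has to share the lifetime of the object it was computed for, so invalidation belongs in the reuse path rather than in each caller.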

How old is this issue? With respect to computing systems in general and not just Macintosh, academia and laboratories have been concerned with the possibility of unauthorized processes hacking cached credentials since at least 1991, when a University of Michigan research team (PDF available here) first wrote a treatise describing how remote users could hijack their remote file systems.

Comments

Mac OS X is still the most secure OS by far. Not to mention the most advanced, feature rich and complete experience of any platform right out of the box. :)

End of story. Have a great day.

Score: 0


Funny how several sources have already stated just the opposite of your opinion.

Score: 0


suck my dick, you fucking bastard

Score: 0


Apple, please put the finishing touches on OSx XI 10.6 since FreeBSD has been out for some time now.

Score: 0


...what?

Score: 0


Don't wait for him to try to make any sense of that...

It's comical to watch abject idiots post about that which they have absolutely no clue...

Score: 0


Tell me about it. [smiles]

Score: 0


just wait 'till internetworld7 comes around

Score: 0


Yawn...

But not to worry - the same MS fanboys who KNOW security holes will no doubt marvel that a platform can conceivably be more fundamentally secure than their screen door submarine.

Score: 0


Speaking of fanboys..... [whistling] It's easier to be secure when hardly anyone uses it.

BTW, I'm for Linux..... [smiles]

Score: 0


LOL! So you say I am an OSX fanboy, and Tool says I am an AIX fanboy...

The fact is that I will use whatever is most appropriate and allows me to do the most. Even Windows - although except for games, it is by far the least robust, the most insecure, and the easiest to corrupt just through normal (proper) operation of any environment I have ever encountered. And it falls far short of the claims of so many compared to alternative environments.

And ironically, OSX has the largest installed user base of ANY UNIX...so your 'hardly anyone uses it' is laughable, not to mention the historical code base upon which it is predicated...yup, that UNIX stuff sure is obtuse...

Especially considering the lengths some will go to to use the mini UNIX-like Linux where so many have gone to so much trouble to modify a ubiquitous file structure so as to look like Windows just so all of the Windows folks can stare and say "what?"...

...so much for innovation.

And after all is said and done and you have Linux installed, you have a relatively robust small-midrange server as you sit out in left field without applications and the inability to talk natively with Windows....

No wonder you're laughing. It's either that or cry. But all's not lost - look, you have your choice of desktops! LOL!

Score: 0


And choice is the most important thing of all.

My original comment about MacOS was because of the attitude of many of those who will play it up as if it were absolutely perfect with no faults at all. Did you know that the Mac is also known as the Crashentosh? [smiles]

Score: 0


Did you also know that Linux, like Opera, still has less than a 1% desktop market share? And you claim hardly anyone uses a Mac? [smiles]

Score: 0


Security vulnerabilities in Mac OS!!!!!! Say it isn't so.... [smiles]

Score: 0

