ALARM Group ALERT - ALARM, The Computing Alert System
Alert Number: 042406-01
Alert Date: 04/24/06
Alert Title: Multiple *UNPATCHED* Vulnerabilities for Apple OS X
Update-to: None
OS/Platform/Application: Mac OS X, Mac OS X Server
Category: ALERT
Severity: HIGH
Attention: Apple OS X System Administrators/Users, Desktop Support Personnel
Summary: Several Internet security resources are reporting the existence of multiple security vulnerabilities in Apple's OS X operating system. The vulnerabilities are related to the mishandling of common file types such as .GIF, .BMP, .TIF, as well as .ZIP files and HTML tags. Vectors of exploitation include opening maliciously crafted web pages or .ZIP files. Successful exploitation of these vulnerabilities could result in application crash and/or execution of arbitrary code. Proof of Concept (PoC) exploit code has been made publicly available for some of these vulnerabilities. At the time of this writing (10:26 AM 4/24/06) no vendor-supplied or 3rd-party patches have been released to address these vulnerabilities.
Recommended Actions: Mac OS X administrators/users are encouraged to read all of the vulnerability information in the links provided below and to consider the suggested workaround of avoiding untrusted websites, ZIP archives, and images until patches for these vulnerabilities have been released.
ITS Actions: N/A
Resources:
Secunia Advisory Summary:
http://secunia.com/advisories/19686/
FrSIRT Advisory Summary:
http://www.frsirt.com/english/advisories/2006/1452
Vulnerability-specific alerts:
http://www.security-protocols.com/sp-x25-advisory.php
http://www.security-protocols.com/sp-x26-advisory.php
http://www.security-protocols.com/sp-x27-advisory.php
http://www.security-protocols.com/sp-x28-advisory.php
http://www.security-protocols.com/sp-x29-advisory.php
http://www.security-protocols.com/sp-x30-advisory.php