CPNI - Centre for the Protection of National Infrastructure

November 2007

3476 - Apple Security Update 2007-008

ID: 3476
Date: 15/11/2007

Title: 3476 - Apple Security Update 2007-008
Platform level affected: Net Application - Client
Specific operating systems components affected: Apple Mac OS
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected: Apple
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Imminent
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://docs.info.apple.com/article.html?artnum=307041
Abstract: Document that describes the security content of Mac OS X v10.4.11 and Apple Security Update 2007-008

This document describes the security content of Mac OS X v10.4.11 and Security Update 2007-008, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

http://docs.info.apple.com/article.html?artnum=106704
http://www.apple.com/support/downloads/

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

http://www.apple.com/support/security/

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

http://www.apple.com/support/security/pgp/

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

****************************************

Mac OS X v10.4.11 and Security Update 2007-008

Flash Player Plug-in

CVE-ID: CVE-2007-3456

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution

Description: An input validation issue exists in Adobe Flash Player. By enticing a user to open maliciously crafted Flash content, an attacker may cause arbitrary code execution. This update addresses the issue by updating Adobe Flash Player to version 9.0.47.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb07-12.html

AppleRAID

CVE-ID: CVE-2007-4678

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Opening a maliciously crafted disk image may lead to an unexpected system shutdown

Description: A null pointer dereference issue in AppleRAID may be triggered when mounting a striped disk image. This may lead to an unexpected system shutdown. Note that Safari will automatically mount disk images when "Open `safe' files after downloading" is enabled. This update addresses the issue by performing additional validation of disk images. Credit to Mark Tull of SSAM1 at University of Hertfordshire, and Joel Vink of Zetera Corporation for reporting this issue.

BIND

CVE-ID: CVE-2007-2926

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: An attacker may be able to control the content provided by a DNS server

Description: ISC BIND 9 through 9.5.0a5 uses a weak random number generator during the creation of DNS query IDs when answering resolver questions or sending NOTIFY messages to slave name servers. This makes it easier for remote attackers to guess the next query ID and perform DNS cache poisoning. This update addresses the issue by improving the random number generator.

bzip2

CVE-ID: CVE-2005-0953, CVE-2005-1260

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Multiple vulnerabilities in bzip2

Description: bzip2 has been updated to version 1.0.4 to address a remote denial of service, and a race condition which occurs during modification of file permissions. Further information is available via the bzip2 web site at http://bzip.org/

CFFTP

CVE-ID: CVE-2007-4679

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A user's FTP client could be remotely controlled to connect to other hosts

Description: An implementation issue exists in the File Transfer Protocol (FTP) portion of CFNetwork. By sending maliciously crafted replies to FTP PASV (passive) commands, FTP servers are able to cause clients to connect to other hosts. This update addresses the issue by performing additional validation of IP addresses. This issue does not affect systems prior to Mac OS X v10.4. Credit to Dr Bob Lopez PhD for reporting this issue.
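The kind of address validation described for CVE-2007-4679 can be sketched as follows. This is an added example, not Apple's CFNetwork code: the function and enum names are this example's own, the sample replies are constructed, and it assumes the parenthesised RFC 959 form of the 227 reply.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes are this example's own names. */
enum pasv_result { PASV_OK = 0, PASV_MALFORMED = -1, PASV_FOREIGN_HOST = -2 };

/*
 * Parse "227 <text> (h1,h2,h3,h4,p1,p2)" and fill *data_ep only when the
 * advertised address equals the address of the control connection's peer.
 */
enum pasv_result pasv_check(const char *reply, struct in_addr control_peer,
                            struct sockaddr_in *data_ep)
{
    unsigned int v[6];
    char closing = 0;
    const char *open_paren;

    if (strncmp(reply, "227", 3) != 0)
        return PASV_MALFORMED;
    open_paren = strchr(reply, '(');
    if (open_paren == NULL)
        return PASV_MALFORMED;
    /* Six decimal fields and a closing parenthesis, nothing less. */
    if (sscanf(open_paren, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &closing) != 7
        || closing != ')')
        return PASV_MALFORMED;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return PASV_MALFORMED;

    unsigned int port = (v[4] << 8) | v[5];
    if (port == 0)
        return PASV_MALFORMED;

    uint32_t host = ((uint32_t)v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    if (htonl(host) != control_peer.s_addr)
        return PASV_FOREIGN_HOST;   /* reply points the client at another host */

    memset(data_ep, 0, sizeof *data_ep);
    data_ep->sin_family = AF_INET;
    data_ep->sin_addr.s_addr = htonl(host);
    data_ep->sin_port = htons((unsigned short)port);
    return PASV_OK;
}

int main(void)
{
    struct in_addr peer;
    struct sockaddr_in ep;
    /* Constructed sample: the control connection's peer is 192.0.2.10. */
    const char *replies[] = {
        "227 Entering Passive Mode (192,0,2,10,195,80)",
        "227 Entering Passive Mode (10,0,0,5,0,22)",
    };

    inet_pton(AF_INET, "192.0.2.10", &peer);
    for (int i = 0; i < 2; i++)
        printf("%s -> %d\n", replies[i], pasv_check(replies[i], peer, &ep));
    return 0;
}
```

A client that gets `PASV_FOREIGN_HOST` should abandon the transfer or reuse the control connection's address with the advertised port, rather than connect to the address in the reply.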

CFNetwork

CVE-ID: CVE-2007-4680

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A remote attacker may be able to cause an untrusted certificate to appear trusted

Description: An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then re-direct the user to a spoofed web site that incorrectly appears to be trusted. This could allow user credentials or other information to be collected. This update addresses the issue through improved validation of certificates. Credit to Marko Karppinen, Petteri Kamppuri, and Nikita Zhuk of MK&C for reporting this issue.

CFNetwork

CVE-ID: CVE-2007-0464

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Parsing HTTP replies using the CFNetwork framework may result in an unexpected application termination

Description: A null pointer dereference issue exists in the CFNetwork framework. By enticing a user to use a vulnerable application to connect to a malicious server, an attacker may cause an unexpected application termination. There are no known vulnerable applications. This issue does not lead to arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-25-01-2007). This update addresses the issue by performing additional validation of HTTP replies. This issue does not affect systems prior to Mac OS X v10.4.

CoreFoundation

CVE-ID: CVE-2007-4681

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Reading a directory hierarchy may lead to an unexpected application termination or arbitrary code execution

Description: A one byte buffer overflow may occur in CoreFoundation when listing the contents of a directory. By enticing a user to read a maliciously crafted directory hierarchy, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.

CoreText

CVE-ID: CVE-2007-4682

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Viewing maliciously crafted text content may lead to an unexpected application termination or arbitrary code execution

Description: An uninitialized object pointer vulnerability exists in the handling of text content. By enticing a user to view maliciously crafted text content, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of object pointers. Credit to Will Dormann of the CERT/CC for reporting this issue.

Kerberos

CVE-ID: CVE-2007-3999, CVE-2007-4743

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A remote attacker may be able to cause a denial of service or arbitrary code execution if the Kerberos administration daemon is enabled

Description: A stack buffer overflow exists in the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/ This issue does not affect systems prior to Mac OS X v10.4.

Kernel

CVE-ID: CVE-2007-3749

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A local user may be able to execute arbitrary code with system privileges

Description: When executing a privileged binary, the kernel does not reset the current Mach thread port or thread exception port. As a result, a local user may be able to write arbitrary data into the address space of the process running as system, which could lead to arbitrary code execution with system privileges. This update addresses the issue by resetting all the special ports that need to be reset. Credit to an anonymous researcher working with the VeriSign iDefense VCP for reporting this issue.

Kernel

CVE-ID: CVE-2007-4683

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Processes restricted via the chroot system call may access arbitrary files

Description: The chroot mechanism is intended to restrict the set of files that a process can access. By changing the working directory using a relative path, an attacker may bypass this restriction. This update addresses the issue through improved access checks. Credit to Johan Henselmans and Jesper Skov for reporting this issue.

Kernel

CVE-ID: CVE-2007-4684

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A local user may obtain system privileges

Description: An integer overflow exists within the i386_set_ldt system call, which may allow a local user to execute arbitrary code with elevated privileges. This update addresses the issue through improved validation of input arguments. Credit to RISE Security for reporting this issue.

Kernel

CVE-ID: CVE-2007-4685

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A local user may obtain system privileges

Description: An issue exists in the handling of standard file descriptors while executing setuid and setgid programs. This could allow a local user to obtain system privileges by executing setuid programs with the standard file descriptors in an unexpected state. This update addresses the issue by initializing standard file descriptors to a known state when executing setuid or setgid programs. Credit to Ilja van Sprundel formerly of Suresec Inc. for reporting this issue.
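A privileged program can apply the same defence to itself, independent of the kernel fix for CVE-2007-4685. The following is an added example, not Apple's kernel change: `sanitize_std_fds` and `fd_of_first_open` are this example's own names, and `/dev/null` stands in for whatever file the program would open first.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens any
 * file of its own. Closed slots are pointed at /dev/null.
 * Returns the number of descriptors repaired, or -1 on failure.
 */
int sanitize_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                   /* already open */
        if (errno != EBADF)
            return -1;
        /* open() returns the lowest free descriptor, which must be fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

/*
 * In a child process: start with stdin closed, optionally sanitize, then
 * open a file and report which descriptor number it received.
 * Returns that number, or -1 on error.
 */
int fd_of_first_open(int sanitize)
{
    pid_t pid = fork();
    int status;

    if (pid == -1)
        return -1;
    if (pid == 0) {
        close(STDIN_FILENO);            /* the "unexpected state" */
        if (sanitize && sanitize_std_fds() == -1)
            _exit(255);
        int fd = open("/dev/null", O_RDONLY);   /* stand-in for a data file */
        _exit(fd == -1 ? 255 : fd);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    /* Without the check the file lands on descriptor 0, so later reads
     * from "stdin" would hit it; with the check it lands on 3 or higher. */
    printf("unsanitized: first open() got fd %d\n", fd_of_first_open(0));
    printf("sanitized:   first open() got fd %d\n", fd_of_first_open(1));
    return 0;
}
```

The call belongs at the very start of `main` in a setuid or setgid program, before any other file, socket or log is opened.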

Kernel

CVE-ID: CVE-2006-6127

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A local user may be able to cause an unexpected system shutdown

Description: An implementation issue exists in kevent() when registering a NOTE_TRACK kernel event with a kernel event queue created by a parent process. This could allow a local user to cause an unexpected system shutdown. This issue has been described on the Month of Kernel Bugs web site (MOKB-24-11-2006). This update addresses the issue by removing support for the NOTE_TRACK event.

Kernel

CVE-ID: CVE-2007-4686

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Maliciously crafted ioctl requests may lead to an unexpected system shutdown or arbitrary code execution with system privileges

Description: An integer overflow exists in the handling of an ioctl request. By sending a maliciously crafted ioctl request, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of ioctl requests. Credit to Tobias Klein of www.trapkit.de for reporting this issue.

remote_cmds

CVE-ID: CVE-2007-4687

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: If tftpd is enabled, the default configuration allows clients to access any path on the system

Description: By default, the /private/tftpboot/private directory contains a symbolic link to the root directory, which allows clients to access any path on the system. This update addresses the issue by removing the /private/tftpboot/private directory. Credit to James P. Javery of Stratus Data Systems, Inc. for reporting this issue.

Networking

CVE-ID: CVE-2007-4688

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A remote user may obtain all addresses of a host

Description: An implementation issue exists in the Node Information Query mechanism, which may allow a remote user to query for all addresses of a host, including link-local addresses. This update addresses the issue by dropping node information queries from systems not on the local network. Credit to Arnaud Ebalard of EADS Innovation Works for reporting this issue.

Networking

CVE-ID: CVE-2007-4269

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: If AppleTalk is enabled, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges

Description: An integer overflow exists in the handling of ASP messages with AppleTalk. By sending a maliciously crafted ASP message on an AppleTalk socket, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of ASP messages. Credit to Sean Larsson of VeriSign iDefense Labs for reporting this issue.

Networking

CVE-ID: CVE-2007-4689

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Certain IPV6 packets may cause an unexpected system shutdown or arbitrary code execution

Description: A double-free issue exists in the handling of certain IPV6 packets, which may lead to an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved handling of IPV6 packets. This issue does not affect systems with Intel processors. Credit to Bhavesh Davda of VMware, and Brian "chort" Keefer of Tumbleweed Communications for reporting this issue.

Networking

CVE-ID: CVE-2007-4267

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: If AppleTalk is enabled and in routing mode, a local user may cause an unexpected system shutdown or arbitrary code execution

Description: Adding a new AppleTalk zone could trigger a stack buffer overflow issue. By sending a maliciously crafted ioctl request to an AppleTalk socket, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue in AppleTalk through improved bounds checking on ioctl requests. Credit to an anonymous researcher working with the VeriSign iDefense VCP for reporting this issue.

Networking

CVE-ID: CVE-2007-4268

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: If AppleTalk is enabled, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges

Description: An arithmetic error exists in AppleTalk when handling memory allocations, which may lead to a heap buffer overflow. By sending a maliciously crafted AppleTalk message, a local user may cause an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking on AppleTalk messages. Credit to Sean Larsson of VeriSign iDefense Labs for reporting this issue.

NFS

CVE-ID: CVE-2007-4690

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A maliciously crafted AUTH_UNIX RPC call may lead to an unexpected system shutdown or arbitrary code execution

Description: A double free issue in NFS may be triggered when processing an AUTH_UNIX RPC call. By sending a maliciously crafted AUTH_UNIX RPC call via TCP or UDP, a remote attacker may cause an unexpected system shutdown or arbitrary code execution. This update addresses the issue through improved validation of AUTH_UNIX RPC packets. Credit to Alan Newson of NGSSoftware, and Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.

NSURL

CVE-ID: CVE-2007-4691

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious web site may result in arbitrary code execution

Description: A case-sensitivity issue exists in NSURL when determining if a URL references the local file system. This may cause a caller of the API to make incorrect security decisions, potentially leading to the execution of files on the local system or network volumes without appropriate warnings. This update addresses the issue by using a case insensitive comparison.

Safari

CVE-ID: CVE-2007-0646

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Opening a .download file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution

Description: A format string vulnerability exists in Safari. By enticing a user to open a .download file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-30-01-2007). This update addresses the issue through improved handling of format strings.

Safari

CVE-ID: CVE-2007-4692

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: An issue in Safari Tabbed browsing may lead to the disclosure of user credentials

Description: An implementation issue exists in the Tabbed browsing feature of Safari. If HTTP authentication is used by a site being loaded in a tab other than the active tab, an authentication sheet may be displayed although the tab and its corresponding page are not visible. The user may consider the sheet to come from the currently active page, which may lead to the disclosure of user credentials. This update addresses the issue through improved handling of authentication sheets. Credit to Michael Roitzsch of Technical University Dresden for reporting this issue.

SecurityAgent

CVE-ID: CVE-2007-4693

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A person with physical access to a system may be able to bypass the screen saver authentication dialog

Description: When waking a computer from sleep or screen saver, a person with physical access may be able to send keystrokes to a process running behind the screen saver authentication dialog. This update addresses the issue through improved handling of keyboard focus between secure text fields. Credit to Faisal N. Jawdat for reporting this issue.

WebCore

CVE-ID: CVE-2007-4694

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Local files may be loaded from remote content

Description: Safari does not block file:// URLs when loading resources. By enticing a user to visit a maliciously crafted website, a remote attacker may view the content of local files, which may lead to the disclosure of sensitive information. This update addresses the issue by preventing local files from being loaded from remote content. Credit to lixlpixel for reporting this issue.

WebCore

CVE-ID: CVE-2007-4695

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Uploading a maliciously crafted file may allow the tampering of form data

Description: An input validation issue exists in the handling of HTML forms. By enticing a user to upload a maliciously crafted file, an attacker may alter the values of form fields, which may lead to unexpected behavior when the form is processed by the server. This update addresses the issue through improved handling of file uploads. Credit to Bodo Ruskamp of Itchigo Communications GmbH for reporting this issue.

WebCore

CVE-ID: CVE-2007-4696

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious website may lead to the disclosure of sensitive information

Description: A race condition exists in Safari's handling of page transitions. By enticing a user to visit a malicious web page, an attacker may be able to obtain information entered in forms on other web sites, which may lead to the disclosure of sensitive information. This update addresses the issue by properly clearing form data during page transitions. Credit to Ryan Grisso of NetSuite for reporting this issue.

WebCore

CVE-ID: CVE-2007-4697

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of the browser's history. By enticing a user to visit a maliciously crafted web page, an attacker may cause an unexpected application termination or arbitrary code execution. Credit to David Bloom for reporting this issue.

WebCore

CVE-ID: CVE-2007-4698

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious website may result in cross-site scripting

Description: Safari allows JavaScript events to be associated with the wrong frame. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of another site. This update addresses the issue by associating JavaScript events with the correct source frame.

WebCore

CVE-ID: CVE-2007-3758

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious website may lead to cross-site scripting

Description: A cross-site scripting issue in Safari allows malicious websites to set JavaScript window properties of websites served from a different domain. By enticing a user to visit a maliciously crafted web page, an attacker may be able to get or set the window status and location of pages served from other websites. This update addresses the issue by providing improved access controls on these properties. Credit to Michal Zalewski of Google Inc. for reporting this issue.

WebCore

CVE-ID: CVE-2007-3760

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious website may result in cross-site scripting

Description: A cross-site scripting issue in Safari allows a malicious website to bypass the same origin policy by hosting embedded objects with javascript URLs. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of another site. This update addresses the issue by restricting the use of the javascript URL scheme and adding additional origin validation for these URLs. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

WebCore

CVE-ID: CVE-2007-4671

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: JavaScript on websites may access or manipulate the contents of documents served over HTTPS

Description: An issue in Safari allows content served over HTTP to alter or access content served over HTTPS in the same domain. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of HTTPS web pages in that domain. This update addresses the issue by preventing JavaScript access from HTTP to HTTPS frames. Credit to Keigo Yamazaki of LAC Co., Ltd. (Little eArth Corporation Co., Ltd.) for reporting this issue.

WebCore

CVE-ID: CVE-2007-3756

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Visiting a malicious website may lead to the disclosure of URL contents

Description: Safari may allow a web page to read the URL that is currently being viewed in its parent window. By enticing a user to visit a maliciously crafted web page, an attacker may be able to obtain the URL of an unrelated page. This update addresses the issue through an improved cross-domain security check. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

WebKit

CVE-ID: CVE-2007-4699

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: Unauthorized applications may access private keys added to the keychain by Safari

Description: By default, when Safari adds a private key to the keychain, it allows all applications to access the key without warning. This update addresses the issue by asking the user for permission when applications other than Safari attempt to use the key.

WebKit

CVE-ID: CVE-2007-4700

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A malicious website may be able to cause Safari to send remotely specified data to arbitrary TCP ports

Description: Safari may allow a malicious website to send remotely specified data to arbitrary TCP ports. This update addresses the issue by blocking access to certain ports. Credit to Kostas G. Anagnostakis of Institute for Infocomm Research, Singapore, and Spiros Antonatos of FORTH-ICS, Greece for reporting this issue.

WebKit

CVE-ID: CVE-2007-4701

Available for: Mac OS X v10.4 through Mac OS X v10.4.10, Mac OS X Server v10.4 through Mac OS X Server v10.4.10

Impact: A local user may be able to read the content of opened PDF files

Description: WebKit/Safari creates temporary files insecurely when previewing a PDF file, which may allow a local user to access the file's content. This may lead to the disclosure of sensitive information. This update addresses the issue by using more restrictive permissions for temporary files during PDF preview. Credit to Jean-Luc Giraud, and Moritz Borgmann of ETH Zurich for reporting this issue.

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Thu, 15 Nov 2007 00:00:00 GMT
Domain affected: Technical