Risk
6/1/2009
05:59 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Apple Plugs A Heap of Buffer Overflow Vulnerabilities

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.Each of the CVE-IDs listed below represents a separate vulnerabilities. Those of particular concern enable "arbitrary code execution," which when translated from security-speak to English means an attack could potentially insert software and code of their choosing on at-risk systems:

QuickTime

CVE-ID: CVE-2009-0188 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0951 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0952 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0010 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

CVE-ID: CVE-2009-0953 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0954 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0185 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0955 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution Description: A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

CVE-ID: CVE-2009-0956 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

Impact: Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

CVE-ID: CVE-2009-0957 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

More information on the QuickTime flaws are available on Apple's support page.

Also released today is a flaw within iTunes:

iTunes 8.2

CVE-ID: CVE-2009-0950 Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.

More information on this flaw is available here.

For mobile technology and security updates, follow me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.