Viewing maliciously crafted images can result in arbitrary code execution

Aug 6, 2009 13:13 GMT

Apple has released a security update for its Mac OS X operating system, which addresses several critical remote code execution vulnerabilities. The company explains that attackers can exploit the flaws by simply rigging image files to execute malicious code.

Apple's 2009-003 security update includes fixes for a total of eighteen vulnerabilities, seven of which are related to the way certain images are processed. The most critical is an uninitialized pointer issue in ImageIO's handling of PNG files, rated as such because PNG is a widely used format.

"Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution," the advisory reads. Tavis Ormandy of the Google Security Team is credited with the discovery of this vulnerability, which is identified as CVE-2009-0040.

ImageIO is the source of four more vulnerabilities pertaining to image processing. In addition to PNG, attackers can also use the Canon RAW or OpenEXR formats to compromise the system. The framework also mishandles certain EXIF metadata, which can result in a buffer overflow.

Another vulnerability can be exploited by embedding a malformed ColorSync profile into an image. Opening such a file will trigger a buffer overflow condition that can crash the application or facilitate arbitrary code execution.

"2009 has seen a number of attacks against users of Apple Mac OS X. Many of these have relied upon social engineering to fool Mac owners into installing Trojan horses on their computers. There is no doubt, however, that cybercriminals would love to be able to exploit software vulnerabilities instead to make infection even easier," Graham Cluley, senior technology consultant at antivirus vendor Sophos, advises.

In addition to the many remote code execution flaws, this security update also addresses an authentication issue with MobileMe accounts, where the sign-out process does not remove all credentials from the system. Apple recommends that users upgrade immediately to Mac OS X v10.5.8.