About the security content of the Mac
OS X 10.5.1 Update (client and server)
BREAKING ADVISORY
Apple has issued a Security Update that patches multiple vulnerabilities
in Mac OS X. These vulnerabilities allow for information disclosure,
denial of service, DNS cache poisoning, spoofing, arbitrary code
execution, privilege escalation, security bypass, and cross-site
scripting attacks. The vulnerable components addressed by this update
include Flash player, AppleRAID, BIND, bzip2, CFFTP, CFNetwork,
CoreFoundation, CoreText, Kerberos, Kernel, remote_cmds, Networking, NFS,
NSURL, Safari, SecurityAgent, WebCore, and WebKit.
Mac OS X v10.5.1 Update
Application Firewall
CVE-ID: CVE-2007-4702
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: The "Block all incoming connections" setting for the firewall is
misleading
Description: The "Block all incoming connections" setting for the
Application Firewall allows any process running as user "root" (UID 0)
to receive incoming connections, and also allows mDNSResponder to
receive connections. This could result in the unexpected exposure of
network services. This update addresses the issue by more accurately
describing the option as "Allow only essential services", and by limiting
the processes permitted to receive incoming connections under this
setting to a small fixed set of system services: configd (for DHCP and
other network configuration protocols), mDNSResponder (for Bonjour), and
racoon (for IPSec). The "Help" content for the Application Firewall is
also updated to provide further information. This issue does not affect
systems prior to Mac OS X v10.5.
Application Firewall
CVE-ID: CVE-2007-4703
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: Processes running as user "root" (UID 0) cannot be blocked when
the firewall is set to "Set access for specific services and
applications"
Description: The "Set access for specific services and applications"
setting for the Application Firewall allows any process running as user
"root" (UID 0) to receive incoming connections, even if its executable
is specifically added to the list of programs and its entry in the list
is marked as "Block incoming connections". This could result in the
unexpected exposure of network services. This update corrects the issue
so that any executable so marked is blocked. This issue does not affect
systems prior to Mac OS X v10.5.
Application Firewall
CVE-ID: CVE-2007-4704
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: Changes to Application Firewall settings do not affect processes
started by launchd until they are restarted
Description: When the Application Firewall settings are changed, a
running process started by launchd will not be affected until it is
restarted. A user might expect changes to take effect immediately and so
leave their system exposed to network access. This update corrects the
issue so that changes take effect immediately. This issue does not
affect systems prior to Mac OS X v10.5.
November 14, 2007.
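CVE-2007-4702 and CVE-2007-4703 both come down to root-owned processes receiving incoming connections that the firewall setting suggests are blocked. The script below is an added example, not part of Apple's advisory: it lists root-owned listening sockets that fall outside the three essential services named above. The function names, the `lsof +c 0 -nP -i` invocation in the comment, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Services the advisory lists as still permitted under
# "Allow only essential services" (CVE-2007-4702).
ESSENTIAL="configd mDNSResponder racoon"

# Reads lsof internet-socket output on stdin (assumed source:
# `lsof +c 0 -nP -i`, run as root) and prints "command pid proto endpoint"
# for every root-owned TCP listener or unconnected UDP socket whose
# command is not in ESSENTIAL.
unexpected_root_listeners() {
    awk -v allow="$ESSENTIAL" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "COMMAND" { next }    # header row
        $3 != "root"    { next }    # only processes running as root (UID 0)
        ($1 in ok)      { next }    # essential services named in the advisory
        $8 == "TCP" && $10 == "(LISTEN)" { print $1, $2, $8, $9; next }
        $8 == "UDP" && $9 !~ /->/        { print $1, $2, $8, $9 }
    '
}

# Constructed sample input, not captured from a real system.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
configd 14 root 8u IPv4 0x01 0t0 UDP *:68
mDNSResponder 20 _mdnsresponder 7u IPv4 0x02 0t0 UDP *:5353
racoon 33 root 5u IPv4 0x03 0t0 UDP *:500
sshd 45 root 4u IPv4 0x04 0t0 TCP *:22 (LISTEN)
ntpd 61 root 20u IPv4 0x05 0t0 UDP *:123
httpd 70 _www 3u IPv4 0x06 0t0 TCP *:80 (LISTEN)
sshd 88 root 5u IPv4 0x07 0t0 TCP 10.0.0.5:22->10.0.0.9:50122 (ESTABLISHED)
EOF
}

# Run against the constructed sample; on a live system, pipe lsof output in.
sample_lsof | unexpected_root_listeners
```

Any line this prints is a root-owned service that, per the descriptions above, an unpatched v10.5 system would leave reachable regardless of the firewall setting.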