Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Update: Apple patches Pwn2Own bug, 55 others in Mac OS

Gregg Keizer, Computerworld | March 22, 2011
Apple on Monday issued patches for 56 Snow Leopard bugs, most of which can be exploited to hijack user machines.

Editor's note: This story has been changed since it was originally posted to correct a statement that researchers Charlie Miller and Dion Blazakis sold an unused Mac OS X vulnerability to HP TippingPoint's bug bounty program at the conclusion of the Pwn2Own hacking contest.

Apple on Monday patched 56 vulnerabilities, most of them critical flaws that could be used to hijack machines, as part of 2011's first broad update of Mac OS X.

Among the fixes was one for a vulnerability also found in iOS that four-time Pwn2Own winner Charlie Miller and his research partner Dion Blazakis used to hack an iPhone at the contest earlier this month.

Of the 56 bugs patched in the update for Snow Leopard, 45 were accompanied by the phrase "arbitrary code execution," Apple-speak for rating the flaws as "critical." Unlike many other major software makers, like Microsoft and Oracle, Apple doesn't assign severity rankings to vulnerabilities.

According to Apple's advisory, more than a dozen of the bugs can be exploited by "drive-by" attacks that execute as soon as a victim browses to a malicious Web site with an unpatched edition of Mac OS X.

Several in that class resided in Apple Type Services (ATS), the operating system's font renderer, and could be exploited using malicious documents embedded with specially crafted fonts. Of those four vulnerabilities, two were reported by researchers from Apple's rival Google.

Other drive-by attacks could be launched using malformed files exploiting six vulnerabilities in Mac OS X's ImageIO component, another five in QuickTime and two in QuickLook, the operating system's document preview tool.

One of the latter was uncovered by Miller and Blazakis, researchers with the Baltimore-based consulting firm Independent Security Evaluators (ISE). Miller, who has won cash prizes at the Pwn2Own hacking challenge four years running, and Blazakis used a bug in a component of iOS similar to QuickLook on Apple's iPhone at the contest.

Apple has now patched that bug in Mac OS X, but it remains unfixed in iOS. According to reports, Apple will release an update for iOS 4.2 shortly.

Miller also said that yesterday's update fixed other bugs he had found but never disclosed or reported to Apple.

"[Mac OS X] 10.6.7 fixes a ton of bugs. It slaughters at least 4 I was sitting on including my OS X entry to pwn2own I didn't get to use," said Miller in a Monday tweet .


1  2  Next Page 

Sign up for Computerworld eNewsletters.