
[Blorge] Mac Security Alert: Three vulnerabilities uncovered

post #1 of 8
Thread Starter 

Recently, three vulnerabilities have been uncovered with Apple iCal 3.0.1. This could possibly affect those who use Mac 10.5.1 (Leopard). According to the report, the most serious of the three is due to a resource liberation bug.
The most serious of the three vulnerabilities is due to potential memory corruption resulting from a resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker.
“Exploitation of these vulnerabilities in a client-side attack scenario is possible with user assistance by opening or clicking on specially crafted .ics file sent over email or hosted on a malicious web server; or without direct user assistance if a would-be attacker has the ability to legitimately add or modify calendar files on a CalDAV server.”
The Bugtraq names are 28629, 28632, and 28633.

Bugtraq 28629 is labeled “Apple iCal ‘COUNT’ Parameter Integer Overflow Vulnerability” and is classified as a “Boundary Condition Error.” In order for this to work, the attacker must entice the unsuspecting user to import a malicious UCS file. According to the report a vulnerable .ics file will contain the following line.
RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646
Bugtraq 28632 is labeled as “Apple iCal ‘TRIGGER’ Parameter Denial of Service Vulnerability” and is classified as a “Design Error.” In order to be successful, the attacker must entice an unsuspecting user to import a malicious ICS file.

Bugtraq 28633 is labeled “Apple iCal ‘ATTACH’ Parameter Denial Of Service Vulnerability” and is classified as an “Input Validation error”. Checking out the exploit report nothing is said about the issue although it does link you to a “proof of concept file.” According to the report, direct user involvement isn’t necessary if the attacker is able to add or modify calendar files on a CalDAV server.

If you haven’t already done so you can receive updates for your Mac automatically.

How to get updates immediately (Mac OS X 10.3, 10.4, 10.5 or later)

1. Go to the Apple menu
2. Click on Software Update. Clicking on Software update will check for available updates.
3. Mac OSX 10.3.x only: Click on the Check Now button.
4. From the Software Update window choose the items you want to install
5. Install the software. You usually want to install all the software updates.
6. When prompted, enter the administration account name and password.
7. Once the installation is complete, restart your Mac computer if it is required.

When I first set up automatic software update I found out that I had to run the software update a few times since some of the updates that I had installed were prerequisites for others.

If you are on Mac OS X 10.2 or lower, steps 1-3 are slightly different. Complete the first three steps and pick up the above steps 4-7.

1. Go to the Apple menu
2. Choose System Preferences
3. From the View Menu, select Software Update

Rodrigo Carvalho, who works for the Core Security Consulting Services Team at Core Security Technologies, discovered and researched these vulnerabilities. Additional research was done by Ricardo Narvaja from CORE IMPACT (also part of Core Security Technologies), the Exploit Writers Team. Reading the report, it states that vulnerabilities in a client-side attack are possible.

Core Security Technologies is a USA company based in Boston. It provides audit, penetration testing, and software based products and services.

Core Security Technologies has not observed these exploits in the wild. The vulnerabilities were observed during BugWeek 2007. The report was published on May 21, 2008.

Source: Blorge
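
The RRULE line quoted in the post above can be screened for before an .ics file is imported or accepted by a CalDAV server. This is an added example, not part of the original post or of the Core Security report; the `MAX_COUNT` limit, the function names and the sample calendar are assumptions constructed for illustration.

```python
import re

# Assumed policy limit (not from the advisory): no legitimate recurrence
# in this environment needs more than 10,000 instances.
MAX_COUNT = 10_000

def unfold(ics_text):
    """Undo iCalendar line folding: a line break followed by a space or tab."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def suspicious_rrule_counts(ics_text, max_count=MAX_COUNT):
    """Return (line_no, raw_count, reason) for every RRULE with an unsafe COUNT."""
    findings = []
    for line_no, line in enumerate(unfold(ics_text), start=1):
        name, sep, value = line.partition(":")
        # Property names are case-insensitive and may carry ;parameters.
        if not sep or name.split(";")[0].strip().upper() != "RRULE":
            continue
        for part in value.split(";"):
            key, _, raw = part.partition("=")
            if key.strip().upper() != "COUNT":
                continue
            raw = raw.strip()
            if not re.fullmatch(r"[0-9]+", raw):
                findings.append((line_no, raw, "COUNT is not an unsigned integer"))
            elif int(raw) > max_count:
                findings.append((line_no, raw, "COUNT exceeds limit"))
    return findings

# Constructed sample: the line from the post, a folded lower-case variant
# with a negative value, and one benign rule.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0",
    "BEGIN:VEVENT", "DTSTART:20080521T090000Z",
    "RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646", "END:VEVENT",
    "BEGIN:VEVENT", "DTSTART:20080522T090000Z",
    "rrule:FREQ=WEEKLY;COU", " NT=-1", "END:VEVENT",
    "BEGIN:VEVENT", "DTSTART:20080523T090000Z",
    "RRULE:FREQ=DAILY;COUNT=10", "END:VEVENT",
    "END:VCALENDAR", ""])

if __name__ == "__main__":
    for finding in suspicious_rrule_counts(SAMPLE):
        print(finding)
```

Line numbers in the findings refer to the unfolded file, so a folded property counts as one line.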
post #2 of 8
I won't be needing this. I removed Apple iCal in app folder. Unless it stores it somewhere else?
post #3 of 8
I don't use iCal, and I see there is already an update. So what's the big deal.
post #4 of 8
They friggin F-ed up iCal in Leopard. Tiger's was great, but Leopard's totally sucks ass. iCal 3 is epic fail. So we got interface problems, and now security problems.

Quote:
Originally Posted by Unknownm View Post
I won't be needing this. I removed Apple iCal in app folder. Unless it stores it somewhere else?
iCal (was) a great program. I can see why you removed it since you have Leopard lol
post #5 of 8
Yeah. iCal sucks now unfortunately.
 
post #6 of 8
Quote:
Originally Posted by Miki View Post
Core Security Technologies has not observed these exploits in the wild. The vulnerabilities were observed during BugWeek 2007. The report was published on May 21, 2008.
Yet another article about theoretical Apple security issues. What's wrong, can't find any real attacks to post?
Edited by rabidgnome229 - 5/27/08 at 7:29pm
post #7 of 8
Quote:
Originally Posted by rabidgnome229 View Post
Yet another article about theoretical Apple security issues. What's wrong, can't find any real attacks to post?
Haha. So true.
 
post #8 of 8
See, it was only a matter of time and size of user base before exploits are found. I like how the Apple rep in my store says that Apples don't get hacked and that they are the most secure OS to date. The more market share Apple gains, the more holes will be found. It's sorta going the way Windows is. Now all someone needs to do is make a virus for Mac and there goes one of their biggest marketing advantages. But then again it still is hard since it's based off of Unix.
    