Among the patches is a fix for four flaws in BIND, the most serious of which can be exploited in a remote DoS attack, according to an advisory released yesterday by Apple.
The flaws exist in OS X versions 10.3.9 and 10.4.9 and OS X Server versions 10.3.9 and 10.4.9.
Apple also patched a file vulnerability that can lead to arbitrary code execution or unexpected application termination when running commands on a malicious file.
An iChat flaw that can be exploited to cause a DoS attack or arbitrary code execution was fixed as well, according to Apple’s advisory.
Also patched was a cryptographic weakness in fetchmail that could lead to the disclosure of passwords, according to Apple.
An Apple representative could not immediately be reached for comment today.
The bulletins marked Apple’s third patch release of the month, following a 10 May release of fixes for two critical vulnerabilities in Darwin Streamer Server 5.5.4.
Apple on 1 May patched a flaw in QuickTime media player that was discovered in a hacking contest at CanSecWest in April.
FrSIRT ranked the package of vulnerabilities as "critical," its highest classification, in an advisory released today.
Secunia, in an advisory released today, ranked the group of flaws as "highly critical," due to hackers’ ability to exploit them for the exposure of sensitive information, privilege escalation, DoS attacks and system access.
US-CERT advised users to apply the patches as soon as possible.
VeriSign iDefense reported that an anonymous researcher reported one of the flaws to its lab, a plugin loading privilege escalation flaw in PPP.
The flaw exists due to insufficient access validation when processing the plugin command line option, according to an iDefense advisory.
For exploitation, an attacker must obtain local access to the victim’s system, according to iDefense.
Apple was first notified of the flaw on 8 January, according to iDefense.
Greg MacManus, senior research analyst at VeriSign iDefense, told SCMagazine.com that the flaw in CoreGraphics could cause problems for end users duped by social engineering attacks.
"It could appear to be from a trusted source, so you might be more likely to open that then other files," he said, adding that it could be used for system takeover in combination with other files.
Craig Schmugar, research manager at McAfee Avert Labs, told SCMagazine.com that Apple had been in possession of a proof-of-concept exploit for the now-patched flaw in mDNSResponder.
"Clearly the potential for a public exploit is there, and [hackers] are able to turn that around and exploit it fairly quickly," he said. "The knowledge that it exists could lead researchers to create their own versions of the exploit."
Apple credited Michael Lynn of Juniper Networks for reporting the flaw.
Apple patches 17 flaws in third May security bulletin
By Frank Washkuch on May 28, 2007 9:40AM