Tuesday, January 30, 2007

MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities

Multiple developers of Apple-based software, including Apple's own developers, seem to misunderstand how to properly use NSBeginAlertSheet, NSBeginCriticalAlertSheet, NSBeginInformationalAlertSheet, NSGetAlertPanel, NSGetCriticalAlertPanel, NSGetInformationalAlertPanel, NSReleaseAlertPanel, NSRunAlertPanel, NSRunCriticalAlertPanel, NSRunInformationalAlertPanel, and NSLog.
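
A lint-style check for the misuse described above, as an added example rather than code from this project or from Apple: it flags calls to the listed functions whose format argument is not a constant @"..." literal. The argument positions are taken from the Foundation/AppKit prototypes (NSReleaseAlertPanel takes only a panel and is omitted), and the sample source is constructed.

```python
import re

# Position of the printf-style format argument: NSLog(format, ...),
# NSRunAlertPanel(title, msgFormat, ...), NSBeginAlertSheet(title, <8 args>, msgFormat, ...).
FORMAT_ARG = {"NSLog": 0}
for k in ("", "Critical", "Informational"):
    FORMAT_ARG.update({f"NSRun{k}AlertPanel": 1, f"NSGet{k}AlertPanel": 1,
                       f"NSBegin{k}AlertSheet": 9})
CALL = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")
LITERAL = re.compile(r'^@"(?:[^"\\]|\\.)*"$')  # a single @"..." constant

def split_args(src, i):  # i is just past '('; split at top-level commas
    args, cur, depth, in_str = [], "", 0, False
    while i < len(src):
        c = src[i]
        if in_str and c == "\\":          # keep the escaped character as-is
            cur, i = cur + src[i:i + 2], i + 2
            continue
        if c == '"':
            in_str = not in_str
        elif not in_str and c in "([{":
            depth += 1
        elif not in_str and c in ")]}":
            if depth == 0:                # closing paren of the call itself
                break
            depth -= 1
        elif not in_str and c == "," and depth == 0:
            args, cur, c = args + [cur.strip()], "", ""
        cur += c
        i += 1
    return args + [cur.strip()]

def find_unsafe_formats(source):  # -> [(line, function, format_argument)]
    findings = []
    for m in CALL.finditer(source):
        args, idx = split_args(source, m.end()), FORMAT_ARG[m.group(1)]
        fmt = args[idx] if idx < len(args) else ""
        if not LITERAL.match(fmt):
            findings.append((source.count("\n", 0, m.start()) + 1, m.group(1), fmt))
    return findings

# Constructed sample, not taken from any affected product.
SAMPLE = '''\
NSLog(userName);
NSLog(@"user: %@", userName);
NSRunAlertPanel(@"Error", fileName, @"OK", nil, nil);
NSBeginAlertSheet(@"Warning", @"OK", nil, nil, [self window], self,
                  NULL, NULL, NULL, [pkg lastPathComponent]);
'''
```

A named constant or macro used as the format is also reported, so review those by hand. The fix for each flagged call is to pass a literal format such as @"%@" and supply the text as an argument.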

Further information:

Monday, January 29, 2007

MOAB-29-01-2007: Apple iChat Bonjour Multiple Denial of Service Vulnerabilities


Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS.

Further information:

Sunday, January 28, 2007

MOAB-28-01-2007: Apple crashdump Privilege Escalation Vulnerability

crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. Coupled with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges.

Saturday, January 27, 2007

MOAB-27-01-2007: Telestream Flip4Mac WMV Parsing Memory Corruption Vulnerability

Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution.

Further information:
This can be abused remotely even via Mail.app (sending the movie attached in the message), Safari, etc.

Friday, January 26, 2007

MOAB-26-01-2007: Apple Installer Package Filename Format String Vulnerability


Apple Installer fails to properly handle package filename strings. It is affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution.

Further information:
See: Sarcasm.

Also, many thanks to an anonymous supporter for donating to the project. We would like to note also that we don't endorse any actions taken against anyone who openly criticizes or disagrees with the project.

Thursday, January 25, 2007

MOAB-25-01-2007: Apple CFNetwork HTTP Response Denial of Service

CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.

Further information:
Many thanks to Craig Loomis, Greg Slepak and a previous supporter for donating to the project. The mark is at $472.93 USD now, so we are very close to the goal. Again, many thanks to everyone who has contributed, with both donations and feedback.

Wednesday, January 24, 2007

MOAB-24-01-2007: Apple Software Update Catalog Filename Format String Vulnerability


Software Update fails to properly handle filename strings containing the swutmp extension. It is affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution.

Further information: