
Apple details security enhancements in Mac OS X 10.4.1


CNET staff

Apple has posted a Knowledge Base article detailing security refinements included in Mac OS X 10.4.1, released earlier this week in client form and today in Server form.

Enhancements, including several for issues that were reported in the past two weeks on MacFixIt, are as follows (all apply to both Mac OS X client 10.4.1 and Mac OS X Server 10.4.1):

Dashboard: Malicious websites can download and install widgets via Safari without the Safe Download Validation warning
This update blocks the automatic installation of Dashboard widgets. Mac OS X's Safe Download Validation warning is enabled, requiring user approval before a Dashboard widget is installed by Safari. This issue does not affect Mac OS X versions prior to 10.4. Further information on removing Dashboard widgets that you have installed is available from this article: http://docs.info.apple.com/article.html?artnum=301629

Kernel: Users can discover the names of files placed in normally unsearchable places
Two system calls designed to allow efficient searching of filesystem objects incorrectly checked the permissions on enclosing directories and would reveal the names of files. The incorrect checking only occurred for directories that have the POSIX execute bits, but not the POSIX read bits, set for group and other. In practice this issue only affects files stored in users' ~/Public/Drop Box. This update addresses the issue by correctly honoring the POSIX permission bits on directories. Credit to John M. Glenn of San Francisco for reporting this issue.

Kernel: Local system users can cause a local denial of service
A vulnerability in the nfs_mount() call due to insufficient checks on input values could allow unprivileged local users to create a denial of service via a kernel panic.

SecurityAgent: Users with physical access to a system with a locked screensaver can start background applications
A contextual menu feature in Mac OS X 10.4 allows URLs to be opened from a text input field. This could be used to launch an application behind a locked screensaver window. This update addresses the issue by removing the contextual menu from screensaver text input fields.
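The directory condition in the first Kernel item above, as an added example (not Apple's or CNET's code): a Python audit that walks a tree and reports directories where group and other have the execute bit but not the read bit, which is where file names are expected to stay hidden. The sample tree, its modes, and the `Private` and `Sites` names are constructed for illustration.

```python
import os
import stat
import tempfile

# (read bit, execute bit) for each permission class named in the advisory
CLASSES = {
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}


def traverse_only_classes(mode):
    """Classes that may enter a directory (x set) but not list it (r clear)."""
    return [name for name, (r, x) in CLASSES.items()
            if mode & x and not mode & r]


def find_drop_box_dirs(root):
    """Return sorted (path, octal mode) pairs for directories under root
    where both group and other are execute-without-read."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISDIR(st.st_mode):
                continue  # symlink to a directory: not audited
            if traverse_only_classes(st.st_mode) == ["group", "other"]:
                hits.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


def build_sample_home(root):
    """Constructed sample tree; modes are set with chmod to ignore umask."""
    layout = {"Public": 0o755, "Public/Drop Box": 0o733,
              "Private": 0o700, "Sites": 0o755}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample_home(home)
        for path, mode in find_drop_box_dirs(home):
            print(mode, os.path.relpath(path, home))
```

Run against a real home directory, the reported paths are the ones whose contents rely on the read bit being honored, so they are the directories to review on systems that have not yet received this update.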
