Apple Security Update 2004-08-09 plugs PNG vulnerability, other flaws

CNET staff

Apple has released Security Update 2004-08-09 (built into Mac OS X 10.3.5).

The primary fix eliminates a vulnerability in which malicious PNG images can cause application crashes and could allow execution of arbitrary code.

As described by Apple: "A number of buffer overflows, null pointer dereferences and integer overflows have been discovered in the reference library for reading and writing PNG images. These vulnerabilities have been corrected in libpng which is used by the CoreGraphics and AppKit frameworks in Mac OS X. After installing this update, applications that use the PNG image format via these frameworks will be protected against these flaws."

This bug, previously reported on MacFixIt, affects both the Opera Web browser and Apple's Mail.app.
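The class of flaw Apple describes (integer overflows in image-size arithmetic that lead to undersized buffers and overflows) is easiest to see in header handling. The following is an added example, not libpng or Apple code: it validates a PNG signature and IHDR chunk and sizes the decode buffers with 64-bit, budget-checked arithmetic so a hostile width, height or bit depth cannot wrap the allocation size. The function and constant names (`png_buffer_sizes`, `demo_status`, the 64 MiB budget) are this example's own; chunk CRCs are not verified.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not libpng code: validate a PNG signature and IHDR chunk and size
 * the decode buffers with overflow-checked arithmetic. Chunk CRCs are not verified. */

static const unsigned char PNG_SIG[8] = { 0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Samples per pixel for each PNG colour type; 0 marks an invalid type. */
static unsigned channels_for(unsigned ctype) {
    switch (ctype) {
    case 0: return 1;   /* greyscale */
    case 2: return 3;   /* truecolour */
    case 3: return 1;   /* indexed (palette) */
    case 4: return 2;   /* greyscale with alpha */
    case 6: return 4;   /* truecolour with alpha */
    default: return 0;
    }
}

/* Bit depths the PNG specification allows for a given colour type. */
static int depth_ok(unsigned depth, unsigned ctype) {
    switch (depth) {
    case 1: case 2: case 4: return ctype == 0 || ctype == 3;
    case 8:  return 1;
    case 16: return ctype != 3;
    default: return 0;
    }
}

enum { PNG_OK = 0, PNG_ERR_SHORT = -1, PNG_ERR_SIG = -2, PNG_ERR_IHDR = -3,
       PNG_ERR_DIMS = -4, PNG_ERR_TYPE = -5, PNG_ERR_BUDGET = -6 };

/* Parse signature + IHDR; on success return bytes per row (including the filter
 * byte) and total image bytes. Products are formed in 64 bits and checked against
 * the caller's memory budget, so a hostile width/height/depth cannot wrap the
 * arithmetic into a small allocation that is later overrun. */
int png_buffer_sizes(const unsigned char *buf, size_t len, uint64_t budget,
                     uint64_t *rowbytes, uint64_t *imagebytes)
{
    if (len < 8 + 8 + 13 + 4) return PNG_ERR_SHORT;        /* sig, len+type, IHDR, CRC */
    if (memcmp(buf, PNG_SIG, 8) != 0) return PNG_ERR_SIG;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return PNG_ERR_IHDR;

    const unsigned char *ihdr = buf + 16;
    uint32_t width = be32(ihdr), height = be32(ihdr + 4);
    unsigned depth = ihdr[8], ctype = ihdr[9];
    if (width == 0 || height == 0 || width > 0x7fffffffu || height > 0x7fffffffu)
        return PNG_ERR_DIMS;                                /* spec range is 1..2^31-1 */
    unsigned ch = channels_for(ctype);
    if (ch == 0 || !depth_ok(depth, ctype)) return PNG_ERR_TYPE;

    uint64_t bits = (uint64_t)width * ch * depth;           /* at most 2^31 * 4 * 16 = 2^37 */
    uint64_t row = (bits + 7) / 8 + 1;                      /* +1 filter-type byte per row */
    /* row * height may exceed 2^64; compare by division instead of multiplying. */
    if (row > budget || height > budget / row) return PNG_ERR_BUDGET;
    *rowbytes = row;
    *imagebytes = row * height;
    return PNG_OK;
}

/* Test helper: write a constructed 33-byte PNG prefix (signature + IHDR, CRC zeroed). */
void make_png_header(unsigned char out[33], uint32_t w, uint32_t h, unsigned depth, unsigned ctype) {
    memset(out, 0, 33);
    memcpy(out, PNG_SIG, 8);
    out[11] = 13;                                           /* IHDR length, big-endian */
    memcpy(out + 12, "IHDR", 4);
    for (int i = 0; i < 4; i++) {
        out[16 + i] = (unsigned char)(w >> (24 - 8 * i));
        out[20 + i] = (unsigned char)(h >> (24 - 8 * i));
    }
    out[24] = (unsigned char)depth;
    out[25] = (unsigned char)ctype;                         /* compression/filter/interlace = 0 */
}

/* Convenience wrappers that check a constructed header against a 64 MiB budget. */
int demo_status(uint32_t w, uint32_t h, unsigned depth, unsigned ctype) {
    unsigned char hdr[33]; uint64_t row, img;
    make_png_header(hdr, w, h, depth, ctype);
    return png_buffer_sizes(hdr, sizeof hdr, 64u << 20, &row, &img);
}

uint64_t demo_imagebytes(uint32_t w, uint32_t h, unsigned depth, unsigned ctype) {
    unsigned char hdr[33]; uint64_t row = 0, img = 0;
    make_png_header(hdr, w, h, depth, ctype);
    return png_buffer_sizes(hdr, sizeof hdr, 64u << 20, &row, &img) == PNG_OK ? img : 0;
}
```

The budget check is the part that matters: a 16x16 RGBA image needs 65 bytes per row (64 pixel bytes plus the filter byte) and 1040 bytes in all, while a header claiming 0x7fffffff by 0x7fffffff at 16 bits per channel is rejected before any allocation rather than wrapping to a tiny size.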

Security Update 2004-08-09 also fixes a Safari problem in which, in a specific situation, navigating with the forward/backward buttons can re-send form data to a GET URL.

Apple describes it as follows: "This is for a situation where a web form is sent to a server using a POST method which issues an HTTP redirect to a GET method url. Using the forward/backward buttons will cause Safari to re-POST the form data to the GET url. Safari has been modified so that in this situation forward/backward navigation will result in only a GET method."

Finally, this security update eliminates the "Rose Attack," in which maliciously crafted IP fragments can consume excessive system resources, preventing normal network operation. The "Rose Attack" describes a specially constructed sequence of IP fragments designed to consume system resources. The TCP/IP implementation in Security Update 2004-08-09 has been modified to limit the resources consumed and prevent this denial-of-service attack.
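Apple's description, "modified to limit the resources consumed," is the essence of the fix for any fragment-based resource exhaustion: a reassembly table must bound how much memory incomplete datagrams can hold. The following is an added example, not Apple's TCP/IP code, of a toy reassembly table that caps both the number of pending datagrams and the total buffered payload, evicting the oldest incomplete datagram when either limit would be exceeded. The limits (`MAX_PENDING`, `MAX_FRAG_BYTES`), the function names and the sample addresses are this example's own, and the flood in `demo_flood` is constructed input that never completes any datagram.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Added example, not Apple's TCP/IP code: a toy IP fragment reassembly table that
 * bounds the number of incomplete datagrams and the total payload it buffers. */
#define MAX_PENDING    4                    /* incomplete datagrams tracked at once */
#define MAX_FRAG_BYTES 4096                 /* payload bytes buffered across all pending */
#define MAX_DGRAM      65535                /* largest IPv4 datagram */
#define NBLOCKS        (MAX_DGRAM / 8 + 1)  /* 8-byte fragment units per datagram */

struct pending {
    bool     used;
    uint32_t src, dst; uint16_t id;     /* reassembly key (protocol field omitted) */
    uint32_t buffered;                  /* payload bytes held for this datagram */
    uint32_t total_len;                 /* known once the MF=0 fragment arrives, else 0 */
    uint64_t seq;                       /* creation order, for oldest-first eviction */
    uint8_t  cover[NBLOCKS / 8];        /* one bit per received 8-byte unit */
};

struct reasm {
    struct pending slots[MAX_PENDING];
    uint32_t bytes_in_use;
    uint64_t next_seq;
    uint32_t evicted, dropped;
};

void reasm_init(struct reasm *r) { memset(r, 0, sizeof *r); }

static void free_slot(struct reasm *r, struct pending *p) {
    r->bytes_in_use -= p->buffered;
    memset(p, 0, sizeof *p);
}

/* Evict the oldest incomplete datagram other than `keep`; false if none exists. */
static bool evict_oldest(struct reasm *r, const struct pending *keep) {
    struct pending *old = NULL;
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *s = &r->slots[i];
        if (s->used && s != keep && (!old || s->seq < old->seq)) old = s;
    }
    if (!old) return false;
    free_slot(r, old); r->evicted++;
    return true;
}

static struct pending *find_free(struct reasm *r) {
    for (int i = 0; i < MAX_PENDING; i++)
        if (!r->slots[i].used) return &r->slots[i];
    return NULL;
}

static bool complete(const struct pending *p) {
    if (p->total_len == 0) return false;
    for (uint32_t b = 0; b < (p->total_len + 7) / 8; b++)
        if (!(p->cover[b / 8] & (1u << (b % 8)))) return false;
    return true;
}

/* Feed one fragment. Returns 1 when the datagram is complete (slot released),
 * 0 when buffered, -1 when rejected because it would exceed the limits. */
int reasm_input(struct reasm *r, uint32_t src, uint32_t dst, uint16_t id,
                uint16_t off_units, bool more_fragments, uint16_t payload_len)
{
    uint32_t start = (uint32_t)off_units * 8;
    if (payload_len == 0 || start + payload_len > MAX_DGRAM) { r->dropped++; return -1; }

    struct pending *p = NULL;
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *s = &r->slots[i];
        if (s->used && s->src == src && s->dst == dst && s->id == id) { p = s; break; }
    }
    if (!p) {                                   /* new datagram: claim a slot, evicting if full */
        p = find_free(r);
        if (!p) { evict_oldest(r, NULL); p = find_free(r); }
    }
    /* Global byte budget: shed the oldest other datagram until this fragment fits, and
     * drop it if nothing else can be shed, so never-completed fragments cannot pin
     * more than MAX_FRAG_BYTES. */
    while (r->bytes_in_use + payload_len > MAX_FRAG_BYTES)
        if (!evict_oldest(r, p)) { r->dropped++; return -1; }

    if (!p->used) { p->used = true; p->src = src; p->dst = dst; p->id = id; p->seq = r->next_seq++; }
    for (uint32_t b = start / 8; b <= (start + payload_len - 1) / 8; b++)
        p->cover[b / 8] |= (uint8_t)(1u << (b % 8));
    p->buffered += payload_len;                 /* duplicates also count: conservative */
    r->bytes_in_use += payload_len;
    if (!more_fragments) p->total_len = start + payload_len;
    if (complete(p)) { free_slot(r, p); return 1; }
    return 0;
}

/* A benign two-fragment datagram reassembles and releases its slot. */
int demo_complete(void) {
    struct reasm r; reasm_init(&r);
    int a = reasm_input(&r, 0x0a000001, 0x0a000002, 7, 0, true, 16);   /* bytes 0..15 */
    int b = reasm_input(&r, 0x0a000001, 0x0a000002, 7, 2, false, 8);   /* bytes 16..23, last */
    return a == 0 && b == 1 && r.bytes_in_use == 0;
}

/* Constructed flood of 1000 first-fragments that never complete; returns the bytes
 * still buffered afterwards, which the limits keep bounded. */
uint32_t demo_flood(uint16_t payload_len) {
    struct reasm r; reasm_init(&r);
    for (uint16_t id = 0; id < 1000; id++)
        reasm_input(&r, 0x0a000001, 0x0a000002, id, 0, true, payload_len);
    return r.bytes_in_use;
}
```

With four slots and a 4096-byte budget, a thousand 64-byte first-fragments leave only 256 bytes buffered, and a thousand 1400-byte ones leave 2800; without the caps the same input would hold 64,000 or 1,400,000 bytes until each entry timed out, which is the resource exhaustion the update guards against.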

There are two versions of the 2004-08-09 updater: one for Mac OS X 10.2.8 and the other for Mac OS X 10.3.4 or above.

  • Security Update for Mac OS X 10.2.8
  • Security Update for Mac OS X 10.3.4 or above (note that although this file is labeled Mac OS X 10.3.5, Apple's documentation states that it can be applied to Mac OS X 10.3.4 or later)

Again, Security Update 2004-08-09 is built into the Mac OS X 10.3.5 update.
