Update: Apple patches Pwn2Own bug, 55 others in Mac OS
Fixes Snow Leopard version of flaw that researchers used to hack iPhone at contest, win $15K
Computerworld - Editor's note: This story has been changed since it was originally posted to correct a statement that researchers Charlie Miller and Dion Blazakis sold an unused Mac OS X vulnerability to HP TippingPoint's bug bounty program at the conclusion of the Pwn2Own hacking contest.
Apple on Monday patched 56 vulnerabilities, most of them critical flaws that could be used to hijack machines, as part of 2011's first broad update of Mac OS X.
Among the fixes was one for a vulnerability also found in iOS that four-time Pwn2Own winner Charlie Miller and his research partner Dion Blazakis used to hack an iPhone at the contest earlier this month.
Of the 56 bugs patched in the update for Snow Leopard, 45 were accompanied by the phrase "arbitrary code execution," Apple-speak for rating the flaws as "critical." Unlike many other major software makers, like Microsoft and Oracle, Apple doesn't assign severity rankings to vulnerabilities.
According to Apple's advisory, more than a dozen of the bugs can be exploited by "drive-by" attacks that execute as soon as a victim browses to a malicious Web site with an unpatched edition of Mac OS X.
Several in that class resided in Apple Type Services (ATS), the operating system's font renderer, and could be exploited using malicious documents embedded with specially crafted fonts. Of those four vulnerabilities, two were reported by researchers from Apple's rival Google.
Other drive-by attacks could be launched using malformed files exploiting six vulnerabilities in Mac OS X's ImageIO component, another five in QuickTime and two in QuickLook, the operating system's document preview tool.
One of the latter was uncovered by Miller and Blazakis, researchers with the Baltimore-based consulting firm Independent Security Evaluators (ISE). Miller, who has won cash prizes at the Pwn2Own hacking challenge four years running, and Blazakis used a bug in a component of iOS similar to QuickLook on Apple's iPhone at the contest.
Apple has now patched that bug in Mac OS X, but it remains unfixed in iOS. According to reports, Apple will release an update for iOS 4.2 shortly.
Miller also said that yesterday's update fixed other bugs he had found but never disclosed or reported to Apple.
"[Mac OS X] 10.6.7 fixes a ton of bugs. It slaughters at least 4 I was sitting on including my OS X entry to pwn2own I didn't get to use," said Miller in a Monday tweet .
Miller had a different vulnerability in his pocket that he would have used to hack Safari at Pwn2Own had he drawn a higher spot in that part of the contest. But a team from the French security company Vupen, which had the first crack, broke Safari and hijacked a MacBook Air to win the $15,000 prize with a different bug.
The second day of Pwn2Own, Miller and Blazakis exploited the QuickLook bug in iOS and walked off with their own check for $15,000.
HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program sponsored Pwn2Own and paid out the cash prizes. TippingPoint purchases vulnerabilities and exploits used at the contest, then reports them to vendors. It gives companies six months to patch a flaw before going public with any technical information.
The update to Mac OS X 10.6.7 fixed several non-security bugs, including issues in the AirPort Wi-Fi driver, and offered numerous enhancements, such as a reliability improvement to MobileMe's Back to Mac remote access technology.
Users of new MacBook Pro notebooks also received a fix that Apple said would "improve graphics stability and external display compatibility" in the laptops, Apple's first to boast processors from Intel's new Sandy Bridge line.
Apple's support forum has been flooded with complaints that the new MacBook Pros lock up when stressed by graphics processing chores.
Mac OS X 10.6.7 and the separate 2011-001 security update for Leopard can be downloaded at the Apple site or installed using the operating system's integrated update service.
The update downloads weigh in between 241MB and 475MB for the client versions of Snow Leopard and Leopard.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts