Apple warns of Mac attack risk via image files

clevin · Aug 6, 2009

http://blogs.zdnet.com/security/?p=3933

* CVE-2009-1728 A stack buffer overflow exists in the handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution.
* CVE-2009-1722 A heap buffer overflow exists in ImageIOs handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution.
* CVE-2009-1721 An uninitialized memory access issue exists in ImageIOs handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution.
* CVE-2009-1720 Multiple integer overflows exist in ImageIOs handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution.
* CVE-2009-2188 A buffer overflow exists in ImageIOs handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution.
* CVE-2009-0040 An uninitialized pointer issue exists in the handling of PNG images. Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution.

so if you haven't updated, do it now.

SFStateStudent · Aug 6, 2009

Weren't there fixes for most of these issues released yesterday? I'm not certain....

celticpride678 · Aug 6, 2009

SFStateStudent said:
Weren't there fixes for most of these issues released yesterday? I'm not certain....

I was thinking the same exact thing. They were fixed in the security updates of 10.5.8 and Tiger too, I think.

MisterMe · Aug 6, 2009

celticpride678 said:
I was thinking the same exact thing. They were fixed in the security updates of 10.5.8 and Tiger too, I think.

Yes.

SFStateStudent · Aug 6, 2009

+2 ^^^ I thought it was just my inability to read between the lines.....

Rodimus Prime · Aug 6, 2009

SFStateStudent said:
Weren't there fixes for most of these issues released yesterday? I'm not certain....

well most of the windows "viruses" and worms out there use patch security holes that are months old.

A big one from years past was MSblaster. MSblaster used a security hole in windows XP that had been patched months before hand but so many people failed up update their computers.

SFStateStudent · Aug 6, 2009

Rodimus Prime said:
A big one from years past was MSblaster. MSblaster used a security hole in windows XP that had been patched months before hand but so many people failed up update their computers.

That's a good point; I make sure my family and friends are aware of the Mac updates as soon as they come out.....

Rodimus Prime · Aug 6, 2009

SFStateStudent said:
That's a good point; I make sure my family and friends are aware of the Mac updates as soon as they come out.....

One windows people fail to understand there are some very basic practices that keep one from getting nailed from a virus and worms.

1.) keep your computer updated
2.) do not download and install unknown programs.

Follow rules 1 and 2 and 95% of all problems are solved.

For windows I have 3 basic rules I require for any computer I set up.

1.) Keep computer updated
2.) Do not download and install any unknown program and use common sense
3.) have some AV software

Follow those 3 rules that is 99.9% of windows problems security problems fixed.

On apple follow rules 1 and 2 and you are at the 99% security problems fixed.

Fail to follow rules 1 and 2 and well OSX is no better than windows.

Rodimus Prime · Aug 6, 2009

SFStateStudent said:
That's a good point; I make sure my family and friends are aware of the Mac updates as soon as they come out.....

One windows people fail to understand there are some very basic practices that keep one from getting nailed from a virus and worms.

1.) keep your computer updated
2.) do not download and install unknown programs.

Follow rules 1 and 2 and 95% of all problems are solved.

For windows I have 3 basic rules I require for any computer I set up.

1.) Keep computer updated
2.) Do not download and install any unknown program and use common sense
3.) have some AV software

Follow those 3 rules that is 99.9% of windows problems security problems fixed.

On apple follow rules 1 and 2 and you are at the 99% security problems fixed.

Fail to follow rules 1 and 2 and well OSX is security is worthless

MisterMe · Aug 6, 2009

Rodimus Prime said:
...

On apple follow rules 1 and 2 and you are at the 99% security problems fixed.

Fail to follow rules 1 and 2 and well OSX is no better than windows.

Follow Rules 1 and 2, get no viruses.

Ignore Rules 1 and 2, your infections skyrocket to zero(0).

PracticalMac · Aug 10, 2009

I deleted (Uninstalled) Outlook on my PeeSee, and hardly ever use web based mail on it (all mail on Mac).

I have yet to get a virus on it in 4 years (web based "spy ware" excepted).

Search

Search

Apple warns of Mac attack risk via image files

clevin

macrumors G3

SFStateStudent

macrumors 604

celticpride678

Guest

MisterMe

macrumors G4

SFStateStudent

macrumors 604

Rodimus Prime

macrumors G4

SFStateStudent

macrumors 604

Rodimus Prime

macrumors G4

Rodimus Prime

macrumors G4

MisterMe

macrumors G4

PracticalMac

macrumors 68030

Our Staff