[ISN] Apple security patch problems fixed

From: InfoSec News (isn@private)
Date: Thu Jun 10 2004 - 02:44:23 PDT

  • Next message: InfoSec News: "[ISN] Internet Explorer carved up by zero-day hole"

    http://www.theregister.co.uk/2004/06/09/apple_security/
    
    By Tony Smith
    9th June 2004
    
    Register readers experiencing problems with Apple's Security Update
    2004-06-07 can take heart that the update does work, and its apparent
    inability to cope with some exploits can be solved using a little
    Terminal trickery.
    
    We were not alone in having troubles with the update when we applied
    it to our own Mac yesterday. A number of readers emailed us to say
    they too found the patch permitted certain vulnerability tests to
    operate.
    
    The issue centres on those who have taken the test before. Mac OS X's
    LaunchServices sub-system records what apps have been run, which
    document types they 'own' and which URIs they respond to. If, like us,
    you've previously run the test, either to determine its effects or to
    test Unsanity's Paranoid Android utility, the patched LaunchServices
    will happily let it through when you run the tests again.
    
    Apple's patch was - understandably - designed with the reasonable
    belief that no Macs had been exploited, even benignly.
    
    Our thanks, then, to reader Dave Schroeder who pointed out this tip
    over at Mac OS X Hints. The instructions allow you to reset
    LaunchServices' database, forcing it to lose the application-data-URI
    links registered by the vulnerabiltiy tests.
    
    Just run Mac OS X's Terminal app and paste in the following:
    
    /System/Library/Frameworks/ApplicationServices.framework/Frameworks/LaunchServices.framework/Support/lsregister 
    -kill -r -domain local -domain system -domain user
    
    Note that you may need to edit the line in a text editor first, to
    remove carriage returns and spaces between the slashes.
    
    We can confirm that the reset allows the patch to do its stuff with
    the tests and a number of those here.
    
    Security Updates for Mac OS X v10.3.4'Panther' and Mac OS X Server
    v10.3.4 can be found here and for Mac OS X v10.2.8 'Jaguar' and Mac OS
    X Server v10.2.8 here.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    



    This archive was generated by hypermail 2b30 : Thu Jun 10 2004 - 04:23:26 PDT