Apple's Software Update needs an update, says MoAB

Stephen Withers
Thursday, 25 January 2007 12:33

Your IT - Home IT

Today's instalment in the Month of Apple Bugs is a format string vulnerability in Software Update, the utility used to download and install patches and new versions of Apple software.

We can't help wondering if the MoAB team has deliberately chosen to end the month with a series of flaws in software shipped by Apple rather than third party developers.

Format string vulnerabilities have identified in previous disclosures, and involve passing a string containing formatting commands such as %x in circumstances when the program concerned doesn't expect them.

In this case, the exploit involves opening a .swutmp file with an appropriately crafted name, causing a crash and potentially allowing the execution of arbitrary code. Files with this extension are opened by Software Update, but the trick would be in persuading the recipient to open the file or arranging matters so that it is opened without user intervention. The MoAB team says they "are conducting further tests around Software Update and possible vectors to abuse this issue."

No workaround is offered: "Wait for Apple to release a patch for Software Update via Software Update" is the tongue-in-cheek advice.

Temporary patches for previous format string vulnerabilities have offered by the MoAB Fixes group.