DOE-CIRC TECHNICAL BULLETIN

T-135: Apple Mac OS X Help Viewer HTML Document Remote Code Execution Vulnerability

[CVE-2009-0943]

May 14, 2009 15:00 GMT

PROBLEM: Apple Mac OS X is prone to a remote code-execution vulnerability.
PLATFORM: Apple Mac OS X Server 10.5.6 and earlier. Apple Mac OS X 10.5.6 and earlier.
ABSTRACT: An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious 'help:' URI, resulting in the execution of arbitrary AppleScript.

LINKS:
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-135.shtml
  OTHER LINKS:
    Apple Homepage: http://www.apple.com/
    Security Focus Website: http://www.securityfocus.com/bid/34952/info

CVE: CVE-2009-0943

IMPACT ASSESSMENT: The rating is medium. The attack requires a user to open a specially crafted 'help:' URI.

[***** Start CVE-2009-0943 *****]

Discussion:
This vulnerability allows remote attackers to execute arbitrary AppleScript code on vulnerable installations of Mac OS X.
This may lead to the execution of arbitrary code or aid in further attacks, and could result in complete compromise of the
system.

The attack would require user interaction - the user would have to be enticed to open a malicious URI.

Exploit code is not currently known to exist in the wild.

Important Note: The solution is to upgrade to Mac OS X 10.5.7. This is a complete version upgrade and contains fixes for many
other security vulnerabilities in Mac OS X.

Vulnerable Systems:
Apple Mac OS X Server 10.5.6 
Apple Mac OS X Server 10.5.5 
Apple Mac OS X Server 10.5.4 
Apple Mac OS X Server 10.5.3 
Apple Mac OS X Server 10.5.2 
Apple Mac OS X Server 10.5.1 
Apple Mac OS X Server 10.4.11 
Apple Mac OS X Server 10.4.10 
Apple Mac OS X Server 10.4.9 
Apple Mac OS X Server 10.4.8 
Apple Mac OS X Server 10.4.7 
Apple Mac OS X Server 10.4.6 
Apple Mac OS X Server 10.4.5 
Apple Mac OS X Server 10.4.4 
Apple Mac OS X Server 10.4.3 
Apple Mac OS X Server 10.4.2 
Apple Mac OS X Server 10.4.1 
Apple Mac OS X Server 10.4 
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6 
Apple Mac OS X 10.5.5 
Apple Mac OS X 10.5.4 
Apple Mac OS X 10.5.3 
Apple Mac OS X 10.5.2 
Apple Mac OS X 10.5.1 
Apple Mac OS X 10.4.11 
Apple Mac OS X 10.4.10 
Apple Mac OS X 10.4.9 
Apple Mac OS X 10.4.8 
Apple Mac OS X 10.4.7 
Apple Mac OS X 10.4.6 
Apple Mac OS X 10.4.5 
Apple Mac OS X 10.4.4 
Apple Mac OS X 10.4.3 
Apple Mac OS X 10.4.2 
Apple Mac OS X 10.4.1 
Apple Mac OS X 10.4 
Apple Mac OS X 10.5

Solution:
Upgrade to Mac OS X 10.5.7. Updates for the current (10.5.6) versions are available at:

Apple Mac OS X 10.5.6
  Apple MacOSXUpd10.5.7.dmg
  http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg

Apple Mac OS X Server 10.5.6
  Apple MacOSXServerUpd10.5.7.dmg
  http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg

For upgrades to earlier versions go to:
http://support.apple.com/downloads
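The remediation above reduces to a version check: any Mac OS X or Mac OS X Server release below 10.5.7 is in the range this bulletin lists as affected and needs the update. The POSIX shell script below is an added illustration, not part of the DOE-CIRC bulletin or Apple's tooling; it compares a product version string against 10.5.7 and includes a check_host function (an assumed name) that, when run on a Mac, reads the installed version with Apple's sw_vers utility.

```shell
#!/bin/sh
# Added example (not part of the DOE-CIRC bulletin): decide whether a Mac OS X
# product version string falls below 10.5.7, the release this bulletin names
# as the fix for CVE-2009-0943.

# Turn "10.5.6" into one comparable integer: major*1000000 + minor*1000 + patch.
# A missing minor or patch component (e.g. "10.5") counts as 0.
version_key() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Exit status 0 (true) when the given version is below 10.5.7 and therefore
# needs the update; 1 otherwise.
needs_upgrade() {
    [ "$(version_key "$1")" -lt "$(version_key 10.5.7)" ]
}

# Host-side check (assumed helper name): reads the real version via sw_vers,
# which exists on Mac OS X; on other systems it reports that it cannot check.
check_host() {
    ver=$(sw_vers -productVersion 2>/dev/null) || {
        echo "sw_vers not available; not a Mac OS X host"
        return 2
    }
    if needs_upgrade "$ver"; then
        echo "Mac OS X $ver: below 10.5.7, apply the 10.5.7 update (CVE-2009-0943)"
        return 1
    fi
    echo "Mac OS X $ver: at or above 10.5.7"
    return 0
}
```

The integer encoding avoids the common mistake of comparing version strings lexically, where "10.4.11" would sort before "10.4.9"; the 10.4.x releases in the affected list are the case that breaks naive string comparison.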


[***** End CVE-2009-0943 *****]

DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:
    Voice:           866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov


UCRL-MI-119788