[Dshield] PDFs and Preview in Mac OS X 10.5--Official Guidance?
eslerj at gmail.com
Thu Mar 26 13:52:48 GMT 2009
I have talked to "certain entities" that I will not disclose, that tell me
there are not security issues in the PDF rendering engine in OSX. As John
said, this is a crash (DOS) bug, but there are no security implications.
On Wed, Mar 25, 2009 at 9:35 PM, Jon Kibler <Jon.Kibler at aset.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Michael wrote:
> > Hi,
> > I am writing concerning the recent security problems with PDF files
> > (JBIG2 buffer overflows). I did see a post at the SANS Internet Storm
> > Center (http://isc.sans.org/diary.html?storyidY32) that sort of
> > hinted that the problem might exist for MacOS X 10.5 Preview, but I am
> > wondering if anything has been issued as official guidance for persons
> > running OS X (in my case, Leopard, specifically) in terms of a
> > mitigation, fix, or workaround. I do note that Apple released a
> > security update in mid February 2009, but further perusal of that
> > document (
> > ) doesn't mention anything to do with PDFs.
> > I can't avoid PDFs forever. Are there any mitigations, advisories or
> > good alternative PDF readers for Mac?
> > Michael
> I actually sent a detailed analysis of the MacOS PDF issue to Apple.
> apps that run on the Mac), the worst that will happen is that Finder,
> Preview, or whatever will crash. Also, there is a patched Acrobat for Mac.
> Bottom line: Is not a security issue per se, but can cause S/W to crash.
> Also, until you have a patch, don't put PDFs on your desktop.
> One final point... if you do have a bad PDF crash an app, restart MacOS.
> In testing, I was able to crash MacOS after repeated PDF crashes under a
> specific set of circumstances I will not disclose. However, a simple
> reboot seems to avoid that issue.
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Dshield mailing list
> Dshield at lists.sans.org
> To change your subscription options (or unsubscribe), see:
T: 302-223-5974 (-) Gtalk: jesler at sourcefire.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dshield