
Flaw could allow remote attacker to take over Mac systems

Security is a big concern for many computer users. The concern for security is bigger than simply the need to protect personal information online; users are also concerned about the security of files and data stored on their local computers.

Proof-of-concept code has been posted online that details a vulnerability that can be exploited in some versions of the Mac OS X operating system. The vulnerability affects both versions 10.5 and 10.6 of Mac OS X and is a buffer overflow error that arises from the strtod function in the underlying Unix code used by the operating system.

The proof-of-concept code was posted by a security researcher at a security firm called SecurityReason. This is not the first report of the vulnerability, though: it was first announced by Maksymilian Arciemowicz last June.

The risk posed by the vulnerability is listed as high by SecurityReason. Other software that was vulnerable to the same flaw included FreeBSD and NetBSD as well as Firefox and Google Chrome. Mozilla and Google have both already patched their software to fix the vulnerability, but the flaw is still exploitable on Mac systems.

McAfee predicted at the end of 2009 that 2010 would see the number of attacks and exploits for third-party programs exceed the number of attacks and exploits aimed at Microsoft products. The two big targets in 2010, according to McAfee, will be cross-platform software from Adobe, including Reader and Flash.

InformationWeek reports that Apple did not respond to a request for comment and that SecurityReason was not reachable for comment on the likelihood that the flaw could be exploited.





Copyright 2017 DailyTech LLC.