Proof of concept code has been posted online that details a
vulnerability that can be exploited in some versions of the Mac OS X
operating system. The vulnerability is in both versions 10.5 and 10.6
of the Mac OS and is a buffer overflow error that arises from the
strtod function in the underlying Unix code used for the Mac OS.
The proof of concept code was posted by a security researcher at a
security firm called SecurityReason. This is not the first that has
been heard about the vulnerability, though. The vulnerability was
first announced by Maksymilian Arciemowicz last June.
The risk posed by the vulnerability is listed as high by SecurityReason. Other
software that was vulnerable to the same exploit included FreeBSD and
NetBSD as well as Firefox and Google Chrome. Mozilla and Google have
both already patched their software to prevent the vulnerability, but
the flaw is still exploitable on Mac systems.
McAfee predicted at the end of 2009 that 2010 would see the number of attacks and
exploits for third-party programs exceed the number of attacks and
exploits aimed at Microsoft products. The two big targets in 2010,
according to McAfee, will be cross-platform software from Adobe,
including Reader and Flash.
InformationWeek reports that
Apple did not respond to a request for comment and that
SecurityReason was not reachable for comment on the likelihood that
the flaw could be exploited.