Flaw could allow remote attacker to take over Mac systems

Security is a big concern for many computer users. The concern for security is bigger than simply the need to protect personal information online; users are also concerned about the security of files and data stored on their local computers.

Proof of concept code has been posted online that details a vulnerability that can be exploited in some versions of the Mac OS X operating system. The vulnerability is in both versions 10.5 and 10.6 of the Mac OS and is a buffer overflow error that arises from the strtod function in the underlying Unix code used for the Mac OS.

The proof of concept code was posted by a security researcher at a security firm called SecurityReason. This is not the first that has been heard about the vulnerability though. The vulnerability was first announced by Maksymilian Arciemowicz last June.

The risk posed by the vulnerability is listed as high by SecurityReason. Other software that was vulnerable to the same exploit included FreeBSD and NetBSD as well as Firefox and Google Chrome. Mozilla and Google have both already patched their software to prevent the vulnerability, but the flaw is still exploitable on Mac systems.

McAfee predicted at the end of 2009 that 2010 would see the number of attacks and exploits for third party programs exceed the number of attacks and exploits aimed at Microsoft products. The two big targets in 2010 according to McAfee will be cross platform software from Adobe including Reader and Flash.

InformationWeek reports that Apple did not respond to a request for comment and that SecurityReason was not reachable for comment on the likelihood that the flaw could be exploited.

"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad
Related Articles

Latest Blog Posts
T-Mobile Data Problems
Saimin Nidarson - Oct 20, 2016, 10:17 AM
IMEX America Trade Show
Saimin Nidarson - Oct 9, 2016, 10:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki