Code Posted Online Takes Advantage of Mac OS X Flaw

From DailyTech: Security is a big concern for many computer users. The concern for security is bigger than simply the need to protect personal information online; users are also concerned about the security of files and data stored on their local computers.

Proof-of-concept code has been posted online that details a vulnerability that can be exploited in some versions of the Mac OS X operating system. The vulnerability affects both versions 10.5 and 10.6 of Mac OS X and is a buffer overflow that arises in the strtod function in the underlying Unix code used by Mac OS X.

The proof-of-concept code was posted by a security researcher at a security firm called SecurityReason. This is not the first time the vulnerability has been heard of, though. It was first announced by Maksymilian Arciemowicz last June.

The risk posed by the vulnerability is listed as high by SecurityReason. Other software that was vulnerable to the same flaw included FreeBSD and NetBSD, as well as Firefox and Google Chrome. Mozilla and Google have both already patched their software to fix the vulnerability, but the flaw is still exploitable on Mac systems.
