AOH :: ISNQ5812.HTM

Mac OS X Vulnerability Posted




Mac OS X Vulnerability Posted
Mac OS X Vulnerability Posted



http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222300150 

By Thomas Claburn
InformationWeek
January 8, 2010 

Proof of concept exploit code was posted today by a security researcher 
at SecurityReason to demonstrate a vulnerability in versions 10.5 and 
10.6 of Apple's Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the 
use of the strtod function Mac OS X's underlying Unix code. It was first 
reported by researcher Maksymilian Arciemowicz last June.

SecurityReason's advisory describes a flaw in the libc/gdtoa code in 
OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla 
Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason's advisory rates the vulnerability's risk as "high" and 
claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn't immediately available to 
characterize the likelihood that this vulnerability could be exploited.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods