By Thomas Claburn
January 8, 2010
Proof-of-concept exploit code was posted today by a security researcher
at SecurityReason to demonstrate a vulnerability in versions 10.5 and
10.6 of Apple's Mac OS X operating system.
The vulnerability is a potential buffer overflow error arising from the
use of the strtod function in Mac OS X's underlying Unix code. It was
first reported by researcher Maksymilian Arciemowicz last June.
SecurityReason's advisory describes a flaw in the libc/gdtoa code in
OpenBSD, NetBSD, FreeBSD, and Mac OS X, as well as Google Chrome, Mozilla
Firefox and other Mozilla software, Opera, KDE, and K-Meleon.
SecurityReason's advisory rates the vulnerability's risk as "high" and
claims that the flaw can be exploited by a remote attacker.
A spokesperson for SecurityReason wasn't immediately available to
characterize the likelihood that this vulnerability could be exploited.