Posted on 01/09/2010 2:44:18 AM PST by Swordmaker
The vulnerability is a variant of an issue raised last summer.
Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple's Mac OS X operating system.
The vulnerability is a potential buffer overflow error arising from the use of the strtod function Mac OS X's underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.
SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon. SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.
A spokesperson for SecurityReason wasn't immediately available to characterize the likelihood that this vulnerability could be exploited.
The vulnerability was addressed in FreeBSD and NetBSD last last summer.
And shortly thereafter Google and Mozilla, among other vendors, did the same.
But Apple apparently has not yet updated its software to incorporate the fix.
Apple did not immediately respond to a request for comment.
In their respective predictions for 2010, computer security companies Symantec, Websense, and Zscaler all said that they foresaw more attacks being directed at Macs and other Apple devices this year.
To some extent, such predictions represent wishful thinking. But Mac users should give some thought to security, if only in terms of using the built-in Mac OS X firewall and exercising caution in the Web sites they visit and the e-mail messages they open.
Some of the most serious security issues computer users face have to do with Web software and cross-platform software, like Adobe's Acrobat and Acrobat Reader.
Data is a company's most important asset, yet it's also the easiest to lose. In our new report, you'll find out where sensitive data is going unencrypted and what's holding IT back from adopting encryption end to end. Download the report here (registration required).
If you have clicked on the Blue Apple Menu on your Menu bar and check Software Update... that will pick up any security updates available for Tiger.
The last OS update that affected Tiger was released on November 4, 2009.
Since then, Apple has released security updates for Safari, iTunes, and Quicktime that have affected OSX.4 Tiger, and those should also have been downloaded and installed.
Neglected to say I did that as recently as yesterday. “No updates available.”
I’ve switched from Safari to Firefox. Safari developed “freezing” issues.
Thanks for response!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.