The STRTOD command is a UNIX command to convert a string in a data heap or stack to be read as a double representation, changing the data to floating point... unless apparently there is a buffer overflow of the data there in which case, the vulnerability may cause malformed data to execute in place.
However, the data heaps and stacks on Mac OS X are non-execute memory locations... which may explain why it is a low priority vulnerability for Apple. If a vulnerability cannot DO anything... put it on a fix-someday list when the other more important stuff has been handled.
How is this a "variant?" It's exactly what was reported about last June. No changes, nothing new.
You can always tell that it's within three weeks of a major Apple event when the Pundits start dusting off old Apple vulnerabilities and start publishing them as FUD articles.
To: ~Kim4VRWC's~; 1234; 50mm; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
Rehash of an OS X vulnerability report from last June... PING!
Three weeks from a major Apple announcement... it's open FUD SEASON
Mostly FUD as it has to do with a buffer overflow in a non-execute area...

Mac OS X Security vulnerability FUD rehash Ping!
If you want on or off the Mac Ping List, Freepmail me.
2 posted on 01/09/2010 2:49:37 AM PST by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
To: Swordmaker
I believe Apple stopped providing security updates for OS X Tiger last month. That, coupled with all the problems Mediacom (my ISP) has bestowed upon its customers, plus the failure of my iBook’s tracking pad have made my Internet experience rather painful for the last month or so...
5 posted on 01/09/2010 5:02:31 AM PST by donozark (Beware the Impostor from Mombasa!)
To: Swordmaker
In their respective predictions for 2010, computer security companies Symantec, Websense, and Zscaler all said that they foresaw more attacks being directed at Macs and other Apple devices this year.
I'm still waiting for the first one.
7 posted on 01/09/2010 11:42:32 AM PST by PA Engineer (Liberate America from the occupation media.)