Thursday, March 4, 2010

Researcher Rates Mac OS X Vulnerability 'High


Flaw in versions 10.5 and 10.6 can be exploited by a remote attacker, says SecurityReason
The proof of concept merely triggers a memory access error, but such buffer overflow conditions can sometimes be exploited to run arbitrary code.
Although the issue has apparently been fixed in FreeBSD and OpenBSD, the researchers imply that the changes have not filtered through to Mac OS X, where it is said to be present in Leopard (10.5) and Snow Leopard (10.6).
The issue is also said to have been present in NetBSD, Google Chrome, Firefox and other Mozilla projects, Opera, MatLab, and other pieces of software.
SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon. SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.
For security reasons advisory and proof of concept click here