[ISN] Mac OS X Vulnerability Posted

From: InfoSec News <alerts_at_private>
Date: Mon, 11 Jan 2010 00:49:23 -0600 (CST)
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222300150

By Thomas Claburn
InformationWeek
January 8, 2010 

Proof of concept exploit code was posted today by a security researcher 
at SecurityReason to demonstrate a vulnerability in versions 10.5 and 
10.6 of Apple's Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the 
use of the strtod function in Mac OS X's underlying Unix code. It was 
first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason's advisory describes a flaw in the libc/gdtoa code in 
OpenBSD, NetBSD, FreeBSD, and Mac OS X, as well as Google Chrome, Mozilla 
Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason's advisory rates the vulnerability's risk as "high" and 
claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn't immediately available to 
characterize the likelihood that this vulnerability could be exploited.

[...]


Received on Sun Jan 10 2010 - 22:49:23 PST
