http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222300150

By Thomas Claburn
InformationWeek
January 8, 2010

Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple's Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the use of the strtod function in Mac OS X's underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn't immediately available to characterize the likelihood that this vulnerability could be exploited.

[...]

Received on Sun Jan 10 2010 - 22:49:23 PST