Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Researchers have released proof-of-concept code exploiting an unpatched buffer overflow vulnerability in the Mac OS X. The flaw could allow an attacker to execute arbitrary code or launch a denial-of-service (DoS) attack, according to researchers at the Poland-based security auditing firm SecurityReason.com, which first discovered the vulnerability last May. Proof-of-concept (PoC) code was released last week, according to a company alert. “We assume that the entire product line of Apple, including Macintosh computers and servers, iPhones, iPods and Apple TV, could be affected by this issue,” SecurityReason.com researcher Maksymilian Arciemowicz told SCMagazineUS.com in an email. Apple was notified about the vulnerability in June, then again in December. The issue still has not been fixed, researchers said. The bug affects 15 other applications and systems that use the vulnerable code – most of which have been fixed, Arciemowicz said. Besides Mac OS X, the vulnerability remains open in Mozilla Sunbird, K-Meleon and the J programming language. Meanwhile, developers for NetBSD fixed the issue back in May, the same day they were notified, Maksymilian said. It has also been corrected in several Mozilla applications, including Firefox, Opera, Google Chrome, OpenBSD, FreeBSD, KDE and F-Lock. “It seems to us that Apple comes from the assumption that when there is no PoC or exploit given, that the problem doesn't exists,” Arciemowicz said. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.