Researcher Posts Proof of Concept Exploit Code for Mac OS X Vulnerability

By Kara Reeder | Jan 11, 2010 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/researcher-posts-proof-concept-exploit-code-mac-os-x-vulnerability
A security researcher at SecurityReason has posted proof-of-concept code to demonstrate a vulnerability in Apple's Mac OS 10.5 and 10.6 , according to InformationWeek.

The vulnerability has to do with a potential buffer overflow error in the use of the "strtod" function Mac OS X's underlying Unix code. Since the flaw can be exploited by a remote attacker, SecurityReason considers the vulnerability's risk as "high."

FreeBSD, NetBSD, Google and Mozilla have already addressed the vulnerability, which was first discovered last June by researcher Maksymilian Arciemowicz. However, Apple has yet to update its software.