Tag Archives: apple

Researcher Rates Mac OS X Vulnerability ‘High’

Filed under Software

Proof of concept exploit code was posted last week by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple’s Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the use of the strtod function in Mac OS X’s underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason’s advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason’s advisory rates the vulnerability’s risk as “high” and claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn’t immediately available to characterize the likelihood that this vulnerability could be exploited.

The vulnerability was addressed in FreeBSD and NetBSD last summer.

And shortly thereafter Google and Mozilla, among other vendors, did the same.

But Apple apparently has not yet updated its software to incorporate the fix.

Apple did not immediately respond to a request for comment.

Source: DarkReading

Apple Expels 1,000 Apps From Store After Developer Scam

Filed under Software

Apple has sent a clear message to any developers who try to game its iTunes App Store. Software developer Molinker has been kicked out, along with more than 1,000 of its iPhone applications.

The Chinese developer had, according to some estimates, 1,000-plus applications in the store, most of which were copycat knockoffs of existing applications. When the friend of writers at the iPhoneography photography blog saw these rather poor applications consistently scoring 5-star reviews, they got suspicious. Some investigation showed that Molinker’s applications were getting many top ratings and almost nothing in the 2-to-4-star range. In fact, the only other ratings were often 1-star, and likely the only truthful feedback on the apps’ pages.

iPhoneography wrote a long letter to Apple’s marketing boss, Phil Schiller, and posited that Molinker was giving out promotional codes — essentially free copies of the applications — in return for these 5-star reviews. In almost all cases, these reviews were poorly written, and came from customers who almost exclusively reviewed just Molinker applications.

This scam was so effective that the applications regularly rose to the tops of charts. One, called ColorMagic, even made it into the Staff Favorites section of the store (which brings some doubt as to whether these are actually staff picks at all).

After a week of typical Apple silence, iPhoneography wrote again, and received a reply direct from Schiller: “Yes, this developer’s apps have been removed from the App Store and their ratings no longer appear either.”

Full article at: Wired

Latest OS X won’t work on Atom netbooks

Filed under Hardware, Software

Apple’s latest build for Mac OS X has been changed to not run on Intel’s Atom processors, much to the dismay of the ‘hackintosh’ community, which specialises in running the operating system on PCs.

Rumors of the change surfaced earlier in the month after the release of the developer build, and users have confirmed that this is the case.

Source: Tech Radar