Tag Archives: OSX

Mac OS X vulnerability left unpatched for months

Filed under exploit

New information about a security hole in Mac OS X, which has been known for about seven months, could finally force Apple to fix the problem. The hole is a new instance of the flawed implementation of the dtoa (double to ASCII) C function for converting floating point numbers into strings. During conversion, a flaw in the array index can allow some memory areas to be overwritten. Since the flaw originated in a C library file, it found its way into a number of operating systems and applications.

By adding certain formatting characters to print functions, attackers can exploit the vulnerability to provoke a heap overflow, inject arbitrary code in a system, and execute it there. Publicly known since last June, the hole was rated (extremely) critical and has been fixed by several browser vendors, such as Opera, Google and the Mozilla Foundation. OpenBSD, FreeBSD and NetBSD also contained the hole, but have now been updated to close it.

According to Maksymilian Arciemowicz, who discovered the vulnerability, the dtoa flaw does exist in Mac OS X 10.5.x and 10.6.x, but it can’t be exploited via normal print functions such as printf. However, the strtod (string to double) libc function also uses the vulnerable dtoa code and can, in turn, be exploited via printf. Arciemowicz has released a short demo program which provokes the flaw – although it only causes the application to crash. However, according to Arciemowicz, it is not difficult to manipulate the ESI and EDI registers in such a way that injected code can be executed. Users apparently only need to visit a specially crafted web page to fall victim to the attack.

Why Apple hasn’t closed the known hole in dtoa is an open question. Arciemowicz speculates that the previous absence of a proof-of-concept exploit led Apple to believe the hole can’t be exploited. He said that other affected vendors usually respond promptly after being informed about vulnerabilities.

A similar misinterpretation of a hole in Java already caused considerable trouble for Apple last year. It was probably only an exploit published by security specialist Landon Fuller that eventually made Apple release an updated version of Java to close the hole.

Source: H Online

Researcher Rates Mac OS X Vulnerability ‘High’

Filed under Software

Proof of concept exploit code was posted last week by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple’s Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the use of the strtod function in Mac OS X’s underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason’s advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and Mac OS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason’s advisory rates the vulnerability’s risk as “high” and claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn’t immediately available to characterize the likelihood that this vulnerability could be exploited.

The vulnerability was addressed in FreeBSD and NetBSD last summer.

And shortly thereafter Google and Mozilla, among other vendors, did the same.

But Apple apparently has not yet updated its software to incorporate the fix.

Apple did not immediately respond to a request for comment.

Source: DarkReading

Latest OS X won’t work on Atom netbooks

Filed under Hardware, Software

Apple’s latest build for Mac OS X has been changed to not run on Intel’s Atom processors, much to the dismay of the ‘hackintosh’ community that specialises in running the operating system on PCs.

Rumors of the change surfaced earlier in the month after the release of the developer build, and users have confirmed that this is the case.

Source: Tech Radar