Here is an interesting one. Apparently, a vulnerability that was reported roughly 8 months ago still haunts OS X.
From ITWire:
A widespread security vulnerability disclosed eight months ago is apparently still lurking in Mac OS X 10.5 and 10.6. A pair of security researchers have released a proof of concept exploit.
Maksymilian Arciemowicz and ‘sp3x’ of SecurityReason.com have publicly disclosed a proof of concept exploit for a vulnerability in Mac OS X’s dtoa function that converts double-precision values to ASCII strings.
They say they reported the issue eight months ago.
The proof of concept merely triggers a memory access error, but such buffer overflow conditions can sometimes be exploited to run arbitrary code.
Hmm. Arbitrary code, you say? That sounds less than appealing.
Read on.
(Image used under CC from photograham's Flickr stream)