Proof-of-concept exploiting Mac OS X flaw released

By on
Proof-of-concept exploiting Mac OS X flaw released

Researchers say flaw has remained open for seven months.

Researchers have released proof-of-concept code exploiting an unpatched buffer overflow vulnerability in the Mac OS X.

The flaw could allow an attacker to execute arbitrary code or launch a denial-of-service (DoS) attack, according to researchers at the Poland-based security auditing firm, which first discovered the vulnerability last May. Proof-of-concept (PoC) code was released last week, according to a company alert.

“We assume that the entire product line of Apple, including Macintosh computers and servers, iPhones, iPods and Apple TV, could be affected by this issue,” researcher Maksymilian Arciemowicz told in an email.

Apple was notified about the vulnerability in June, then again in December. The issue still has not been fixed, researchers said.

The bug affects 15 other applications and systems that use the vulnerable code – most of which have been fixed, Arciemowicz said. Besides Mac OS X, the vulnerability remains open in Mozilla Sunbird, K-Meleon and the J programming language. 

Meanwhile, developers for NetBSD fixed the issue back in May, the same day they were notified, Maksymilian said. It has also been corrected in several Mozilla applications, including Firefox, Opera, Google Chrome, OpenBSD, FreeBSD, KDE and F-Lock.

“It seems to us that Apple comes from the assumption that when there is no PoC or exploit given, that the problem doesn't exists,” Arciemowicz said.

See original article on

Copyright © SC Magazine, US edition

Most Read Articles

Log In

|  Forgot your password?