RobertoOrtiz
11-25-2006, 06:48 AM
Quote:
"Researchers have published exploit code that targets an unpatched kernel vulnerability in Apple's OS X desktop software.
An independent vulnerability analyst working as part of the "Month of Kernel Bugs" campaign released the details necessary to attack the hole in OS X on Nov. 22, revealing the manner in which hackers could target the glitch, which affects the way Apple's software handles disk image files.
The researcher, identified only by the screen name "LMH," issued the exploit via a post on the Kernel Fun Web site.
"Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial of service condition," LMH wrote in his latest blog.
"Although it hasn't been checked further, memory corruption is present under certain conditions."
The researcher said that the demonstration exploit offered on the site would be unlikely to allow arbitrary code execution if applied by attackers, however, the analyst indicated that the flaw could be taken advantage of by malware writers by targeting the manner in which Cupertino, Calif.-based Apple's Safari browser downloads online image files
"
>>LINK<< (http://news.yahoo.com/s/zd/20061122/tc_zd/194716)
-R
"Researchers have published exploit code that targets an unpatched kernel vulnerability in Apple's OS X desktop software.
An independent vulnerability analyst working as part of the "Month of Kernel Bugs" campaign released the details necessary to attack the hole in OS X on Nov. 22, revealing the manner in which hackers could target the glitch, which affects the way Apple's software handles disk image files.
The researcher, identified only by the screen name "LMH," issued the exploit via a post on the Kernel Fun Web site.
"Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial of service condition," LMH wrote in his latest blog.
"Although it hasn't been checked further, memory corruption is present under certain conditions."
The researcher said that the demonstration exploit offered on the site would be unlikely to allow arbitrary code execution if applied by attackers, however, the analyst indicated that the flaw could be taken advantage of by malware writers by targeting the manner in which Cupertino, Calif.-based Apple's Safari browser downloads online image files
"
>>LINK<< (http://news.yahoo.com/s/zd/20061122/tc_zd/194716)
-R