Wed - October 29, 2003


A Worm In the Apple? Company Finds Three Security Flaws in OS X 



Microsoft isn't the only company confronting security issues in an OS—as Redmond reminds anyone who will listen. 

Remember when the Mac OS seemed impregnable because both its code and its platform were proprietary? Well, those days ended when Apple switched to a UNIX core—and released a slew of security updates. Now one security company claims to have discovered three flaws in Mac OS X that, for the time being, can only be fixed easily by buying the $129 Panther update.

One security flaw, which makes it possible to crash the Mac OS X kernel by specifying a long command-line argument, could be exploited remotely to dump small portions of memory back to an attacker.

A second flaw concerns applications which are installed onto Mac OS X systems with insecure file permissions, rendering the files and directories that compose various applications globally writable. This allows attackers with file system access to an OS X machine to replace binaries and obtain additional privileges from unsuspecting users, who may run the replaced version of the binary.
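As an added illustration of this second flaw (not part of the original post or the security company's advisory), the shell script below lists world-writable files and directories under an application folder and then clears the "other" write bit. The `Sample.app` tree and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the advisory: list entries in an application tree
# that any local user can modify, then clear the "other" write bit.

# Print one "KIND PATH" line per world-writable entry under DIR.
# Symlinks are skipped because -type f / -type d do not match them.
audit_world_writable() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -0002: "other" write bit set; -perm -0100: owner-executable.
    # Writable executables come first, since a replaced binary runs with
    # the privileges of whoever launches it next.
    find "$dir" -type f -perm -0002 -perm -0100 -print | sed 's/^/exec /'
    find "$dir" -type f -perm -0002 ! -perm -0100 -print | sed 's/^/file /'
    # A writable directory lets anyone rename or replace its entries
    # (unless the sticky bit is set), even when the files are read-only.
    find "$dir" -type d -perm -0002 -print | sed 's/^/dir /'
}

# Clear only the "other" write bit; owner and group bits are left alone.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree (hypothetical Sample.app) so the script runs offline.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Sample.app/Contents/MacOS"
    printf '#!/bin/sh\n' > "$d/Sample.app/Contents/MacOS/Sample"
    chmod 777 "$d/Sample.app/Contents/MacOS" "$d/Sample.app/Contents/MacOS/Sample"
    echo "before:"; audit_world_writable "$d/Sample.app"
    fix_world_writable "$d/Sample.app"
    echo "after:";  audit_world_writable "$d/Sample.app"
    rm -rf "$d"
}

# With a directory argument, audit it; with none, run the constructed demo.
if [ $# -gt 0 ]; then audit_world_writable "$1"; else demo; fi
```

Run it with a directory argument to audit a real application folder; review the findings before calling `fix_world_writable`, since a file that was writable may already have been replaced.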

The third flaw lets attackers overwrite arbitrary files and read core files created by root-owned processes, which may compromise authentication credentials.

Although the company offers tips for manually correcting the flaws, Apple has not yet released security patches to close the holes. The company says that Panther is not susceptible to the same security breaches.

Update: Apple has since pledged to fix these security breaches in Jaguar.

 
