OS X security image challenged
Tom Sanders in California, vnunet.com 24 Apr 2006
Security researcher Tom Ferris has published details about seven security vulnerabilities in Apple's OS X operating system, including proof of concept code.
The most severe flaw affects the Safari browser, which could be targeted by attackers to execute code on a system or cause the browser to crash.
The other flaws were found in several OS X features. An attacker for instance could use a specially crafted TIFF image file to cause an image view or editor to crash. Similar issues affect the .bmp and .gif image file format.
An error in the way that OS X handles archives such as ZIP files, creates an opportunity for attackers to crash applications or to execute arbitrary code.
The researcher gave one of the flaws a severity rating of high and rated the remaining six "medium".
Both security website Secunia and the SANS Internet Storm Centre claimed that the vulnerabilities are "highly critical" because they allow attackers to execute code on a system or can cause a denial of service attack.
"There seems to be some problems with the claimed "solid as a rock" UNIX OS" , Ferris wrote on his website when he pre-announced the vulnerability disclosure earlier this month. "Getting Safari to crash in many different spots is trivial, as where Firefox is very tough."
Apple on its website uses the "solid as a rock" slogan to describe OS X's security record. The application so far has only seen a few isolated virus attacks that failed to cause any actual harm, but some experts have warned that the software will become a more attractive target at it gains market share.
Ferris said that he has reported the vulnerabilities to Apple at the beginning of the year and claims that they will be fixed in the next security release.
A spokesperson for Apple said that he was aware of Ferris' report, but was unable to comment on the vulnerabilities.
No comments:
Post a Comment