OS X: 6 new zero-day exploits

Logic dictates that as Apple gets more popular it will become an increasingly popular target for nefarious types, and thus more vulnerabilities will be discovered. But this one is huge: OS X hit by 6 new zero-day bugs.

“At least six zero-day vulnerabilities in Apple Computer Inc.’s Mac OS X were disclosed earlier this week by an independent researcher, who noted that all can crash applications or the operating system, and some may let attackers hijack systems. Four of the bugs relate to how the Mac’s OS parses various image file formats – including BMP, TIFF, and GIF, one to how OS X decompresses malformed ZIP archives, and “several” affect Apple’s Safari browser, said researcher Tom Ferris in numerous advisories posted Wednesday to his Security Protocols site. All impact OS X 10.4.6 – the most-current edition – as well as earlier editions, said Ferris, who added that they can result in localized denial-of-service (DoS), in other words “crashes,” and may be further exploitable by attackers installing their own malicious code on compromised Macs.”

As is usually the case, the researcher revealed these bugs only to the company at first, but after no action he’s now effectively forcing the issue with Apple.

“Apple was notified of some of the vulnerabilities in January, others in February, but has not yet patched any of them, claimed Ferris.”

 