Linked by Thom Holwerda on Tue 3rd Oct 2006 08:32 UTC, submitted by Jon Mchitel
Privacy, Security, Encryption Computer code that exploits a flaw in Apple's Mac OS X was released over the weekend. The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then. "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. Obviously anything but spectacular (since it's fixed), but it does raise the age old question: will the growing popularity of both Linux and OS X lead to more of these exploits-- possibly one that does get released 'in time'?
Permalink for comment 167747
To read all comments associated with this story, please click here.
dvhh
Member since:
2006-03-20

however remember that most security problem remain right between the keyboard and the chair and some users might wait before applying the patch ( IT validation or something like that, to chek if it did not break current application). So even if the flaw is patched there are still vulnerable system in the wild. ( as long as I remember code red virus was based on a flaw on IIS that was already patched, or was it on mssql ?).
Fortunately Mac OS X are rarely used for mission critical application as linux or windows are used for, so most of the time users are willing to reboot for a patch and in 48 almost all system connected to the internet can be patched.

Reply Parent Score: 2