12 January 2010

Apple Sits On Critical Mac Bug For Seven Months

Researchers have disclosed a critical vulnerability in the latest version of Mac OS X that they say Apple has sat on for almost seven months without fixing.

The buffer overflow flaw could be exploited by attackers to remotely execute malicious code, and virtually all Apple devices - including Mac computers and servers, iPhones, and even Apple TV - are susceptible, one of the researchers, Maksymilian Arciemowicz, said.

Security Reason, the Poland-based security firm he works for, alerted Apple to the vulnerability in the middle of June and again last month, but the computer maker has yet to patch the bug.

By contrast, developers for OpenBSD, NetBSD, FreeBSD, and a variety of Mozilla applications have fixed identical vulnerabilities, in some cases within hours of notification. The bug affects all applications and operating systems that implement gdtoa floating point numbers.

"It was not that difficult to patch it," Arciemowicz wrote in an email. "It seems to us that Apple comes from the assumption that when there is no PoC or exploit given that the problem doesn't exist."
Copyright © 2010 Mac Casino