More Mac OS X Flaws Identified
Apple is doing a lot of security patching of late, and it looks like its employees may be working overtime just to address some of the flaws found by one security researcher.
Tom Ferris, a hacker and researcher from Mission Viejo, Calif., posted on his Web site Thursday evening information about seven separate security vulnerabilities he found in different Mac OS X digital image formats.
Ferris included proof-of-concept exploit code for all of the flaws in his advisories, though he insists the code is little more than the most basic example to demonstrate precisely where the problems reside. Some of the flaws he found are merely denial-of-service glitches, meaning an attacker could use them to cause hiccups or lockups for targeted Mac systems. But in an interview earlier today, Ferris told me that a number of the bugs could almost certainly be exploited to allow attackers to run programs of their choice on vulnerable Mac systems.
Ferris said he's been told by the folks at Apple that the bugs will be fixed in "the next security release," which -- at the rate Apple has been releasing updates lately -- could be quite soon. Still, it has taken Apple nearly four months to fix these problems. Ferris said he first notified Apple of the flaws in early January, and that Apple still is working on fixing at least seven other serious security bugs he found in iTunes and QuickTime after just a few hours of poking around the programs.
"When you think about how many millions of people bought iPods last year ... finding bugs in applications like that has a huge impact," Ferris said.
Ferris's work is the latest indication that the security community is starting to take a much closer look at potential vulnerabilities in OS X.
"Apple is basically becoming a bigger target because researchers are realizing the potential impact is higher than it was before because more people are using it," Ferris said. "Plus, OS X is Unix-based and a lot of researchers and hackers started out on UNIX- and Linux-based systems finding bugs, so for them it's like being back home again."