Apple Computer is investigating several unpatched and potentially serious security flaws in Mac OS X that have been publicly disclosed, the company said Friday.
Tom Ferris, a security researcher in Mission Viejo, Calif., published late on Thursday information on seven flaws in Apple's operating system that potentially put Mac users at risk of a cyberattack. The most serious of the flaws could let attackers surreptitiously run malicious code on users' PCs, Ferris said in an interview via instant messaging.
"We're in the process of investigating and addressing them," Bud Tribble, Apple's vice president of software technology, told CNET News.com. "I think it is important to note that although these are potential vulnerabilities, there are no known exploits to them and they are not affecting customers today."
Five of the flaws identified by Ferris relate to how Mac OS handles various image file formats, including BMP, TIFF and GIF, according to his security advisories. Another flaw involves the way OS X decompresses Zip archives. Additionally, Ferris claims to have found several bugs in Apple's Safari browser.
"The image flaws are the scariest ones, giving an attacker multiple methods of compromising a host," Ferris said. "They can be exploited to execute arbitrary code very easily and were not hard to find."
Apple silently fixed one of the flaws related to the handling of TIFF image files in update 10.4.6, Ferris said. The other bugs remain unpatched, he said, adding that he reported the issues to Apple earlier this year.
Apple believes the public disclosure of security flaws doesn't help anyone, a position shared by most software makers. "We don't feel that our customers are better served by public disclosure of potential issues," Tribble said. "We think that in the general case, people who need to know about issues are the ones that can actually fix the bugs."