http://www.macnn.com/articles/07/12/10/security.flaws.in.leopard/

Security flaws surface in Leopard, VPN

updated 05:25 pm EST, Mon December 10, 2007

 

Security flaws in Leopard


A new denial of service (DoS) vulnerability has surfaced in Apple's Mac OS X Leopard operating system that can result in crashes, according to Heise Security. The flaw, an integer overflow in the load_threadstack function in mach_loader.c, occurs when processing Mach-O binaries and can lead to a kernel panic. Single-user systems should not be at risk, according to the company, but multi-user setups are vulnerable because attackers do not require any special privileges to provoke the error.

Additionally, security website digit-labs.org has reported a DoS vulnerability in the VPN (Virtual Private Network) service in Mac OS X 10.5, where maliciously crafted packets can cause the service to freeze. Demonstration exploits are available for both flaws, and no patches have been released to correct the problems.


by MacNN Staff

TAGS :

 security, Leopard, vulnerability, Mac OS X, VPN, Apple

Comments

  1. robttwo

    Fresh-Faced Recruit

    Joined: Nov 2005

    0

    hei(bs)e

    Heise must have a team of people doing nothing but trying to find ways to crash OSX.

    None of this c*** they publish is in the wild - they are all (wow, what a surprise) only in their own lab. Now, if they were actually an ethical company they would notify Apple of the problem and allow them to issue a notice or make corrections - instead of using their self-made flaws as a way to extend their own business.

    Doofuses.

  1. chefpastry

    Mac Enthusiast

    Joined: Nov 2005

    0

    Well said, Doofuses.

    I'd also like to point out that there are obviously many people trying their darndest to find vulnerabilities. It's good to see that none have managed to gain control of someone else's Mac yet.

  1. UberFu

    Fresh-Faced Recruit

    Joined: Oct 2002

    0

    that explains

    what happened the other day_ Except that I was merely trying to access the internet and my system crashed_ I don't think I was "hacked" per se_

    BUT Leopard is buggy as hell_

    Oh yeah - has anyone found out who this no-name company that keeps feeding MacNN retarded info about OS X actually is? This is their claim to fame? 2 mentions of OS X flaws in a couple of weeks_ Also seems like MacNN are the only folks reporting these Heise found vulnerabilities_

    MacNN - how much are they paying you to run their news story? Really! It's okay - you can tell us - we won't rat you out_

  1. UberFu

    Fresh-Faced Recruit

    Joined: Oct 2002

    0

    oh i just saw it

    MacNN dawned Heise's Logo finally - Wow! Not impressed_

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: hei(bs)e

    None of this c*** they publish is in the wild - they are all (wow, what a surprise) only in their own lab.

    Where would you rather the exploit potentials be found, when it reaches the wild?

    And where do you think most of the Windows vulnerabilities are found? In the wild? No, usually by hackers/groups looking for vulnerabilities to report them, not to exploit them.

  1. dtich

    Fresh-Faced Recruit

    Joined: Dec 2007

    0

    10.5 is *not* "buggy as

    h***". there are some bugs, to be sure. buggy as h***, well, that seems patently untrue, not just a silly exaggeration.

    and, agree on all the heise comments. losers. i'm glad people are hacking and poking at leopard, but... every little stack overflow they can evoke doesn't require a bloody press release. if we look close enough, i'm sure we'll find a nice stack of microsoft check stubs in heise's bank accounts...
