Monday, December 10,2007 @ 5:25pm
Security flaws surface in Leopard, VPN
A new denial of service (DoS) vulnerability has surfaced in Apple's Mac OS X Leopard operating system that can result in crashes, according to Heise Security. The flaw, which is an integer overflow in the load_threadstack function in mach_loader.c, occurs when processing Mach-O binaries and can lead to a kernel panic. Single user systems should not be at risk, according to the company, but multi-user setups are vulnerable because attackers do not require any special privileges to provoke the error.
Additionally, security website digit-labs.org has reported a DoS vulnerability in the VPN (Virtual Private Network) service in Mac OS X 10.5 where maliciously-crafted packets can cause the service to freeze. Demonstration exploits are available for both flaws, and no patches have been released to correct the problems.