Security Flaws Make Macs Vulnerable To Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Security Flaws Make Macs Vulnerable To Attacks

Security firm @stake warns of serious Mac OS X vulnerabilities.

Security research firm @stake is warning Macintosh users about three security problems with the Mac OS X 10.2.8 and previous versions. It ranks two of the flaws as high.

The first advisory, "Long argv[] Buffer Overflow," warns that an attacker could possibly crash Mac OS X and execute commands as root.

The Systemic Insecure File Permissions advisory states some applications on the vulnerable Mac OS X systems are installed with insecure file permissions and are globally writable. This lets attackers with file-system access to an OS X machine replace binaries and obtain additional privileges from unsuspecting users, who may run the replaced version of the binary.

The third vulnerability, Arbitrary File Overwrite via Core Files, enables attackers with certain access rights to overwrite arbitrary files and read certain files. The @stake advisory warns that this vulnerability could result in sensitive information such as authentication credentials being compromised.

There is no patch available for these vulnerabilities. The @stake advisory recommends that users upgrade to the Mac OS X Panther operating system, which was released this week.

An Apple Computer spokesperson could not say where the company would issue a fix, but Apple is working on a statement about the issue.

David Goldsmith, director of research for @stake, said there's no indication from Apple that it "was going to release a patch for these issues," and that @stake started working with Apple regarding the security problems "at least 30 days ago."

For more detailed information, the advisories are available at www.atstake.com/research/advisories/2003.

Apple is also warning users about another flaw in the Mac OS X software, a remotely exploitable flaw caused by an error in the implementation of QuickTime Java for Mac OS X Server 10.3 and Mac OS X 10.3. More information about this flaw and a patch is available in Apple's Security Update 2003-10-28.

The flurry of security flaws in Apple's OS X shows "there's no piece of commercial software that doesn't have security problems," says John Pescatore, a security analyst at Gartner. As to whether the company should patch these flaws, he says, "Apple should definitely issue a patch, even if the new operating system is shipping."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll