Apple has been aware of this security flaw since last June, when researcher Maksymilian Arciemowicz first reported it. A few days ago a security researcher at SecurityReason posted a detailed report on the flaw. The affected software is Mac OS X 10.5 and 10.6, and the security risk is rated HIGH. A HIGH rating is used for buffer overflow vulnerabilities and remote file inclusion (RFI) vulnerabilities, as well as for vulnerabilities that can lead to system compromise and remote command execution; such vulnerabilities are usually remotely exploitable and require no user interaction. In other words, it would be very easy for an attacker to remotely access your system.
The bug in question affects the libc strtod(3) and gdtoa functions in Mac OS X, as well as in other Unix-based operating systems. FreeBSD and NetBSD have fixed the flaw, but Apple, for some reason, has set it aside. Because these functions are used in many applications, this could be an attack vector for remote users via web browsers, e-mail clients and more.
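As an added, defender-side illustration (this is not code from the original post or from the SecurityReason advisory): the post says strtod(3) and gdtoa are reached from many applications that handle untrusted input, so one defence-in-depth step an application developer can take while waiting for the vendor patch is to validate numeric strings before handing them to the C library's parser. The wrapper below is hypothetical; the length cap SAFE_NUM_MAXLEN, the status enum and the helper names are my own, and since the post does not describe what triggers the flaw, the wrapper is generic input hardening (length and character-class limits on untrusted numeric tokens) rather than a targeted fix.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on the length of a numeric token we hand to strtod().
 * 64 characters is far more than any double needs (17 significant digits
 * plus sign, point and exponent), so legitimate input is never rejected. */
#define SAFE_NUM_MAXLEN 64

typedef enum {
    SAFE_NUM_OK = 0,     /* parsed cleanly, *out is valid            */
    SAFE_NUM_EMPTY,      /* empty string                             */
    SAFE_NUM_TOO_LONG,   /* longer than SAFE_NUM_MAXLEN, not parsed  */
    SAFE_NUM_BAD_CHAR,   /* character outside the plain-decimal set  */
    SAFE_NUM_MALFORMED,  /* strtod() consumed nothing or left a tail */
    SAFE_NUM_RANGE       /* strtod() reported ERANGE                 */
} safe_num_status;

/* Only plain decimal notation is allowed: no hex floats, no "inf"/"nan",
 * no whitespace. Anything else is rejected before strtod() ever sees it. */
static int is_plain_decimal_char(char c)
{
    return (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '+' ||
           c == 'e' || c == 'E';
}

/* Validate an untrusted string, then parse it with strtod().
 * The length and character checks run first so that an oversized or
 * oddly formed token never reaches the C library's conversion code. */
safe_num_status safe_strtod(const char *s, double *out)
{
    size_t n = 0;
    /* Manual scan instead of strlen(): stop as soon as the cap is exceeded. */
    while (s[n] != '\0') {
        if (n >= SAFE_NUM_MAXLEN)
            return SAFE_NUM_TOO_LONG;
        if (!is_plain_decimal_char(s[n]))
            return SAFE_NUM_BAD_CHAR;
        n++;
    }
    if (n == 0)
        return SAFE_NUM_EMPTY;

    char *end = NULL;
    errno = 0;
    double v = strtod(s, &end);
    if (end == s || *end != '\0')
        return SAFE_NUM_MALFORMED;
    if (errno == ERANGE)
        return SAFE_NUM_RANGE;
    *out = v;
    return SAFE_NUM_OK;
}

/* Convenience wrappers used by the demo (and by tests): classify an input
 * without caring about the value, or check both status and value at once. */
safe_num_status safe_num_classify(const char *s)
{
    double discard;
    return safe_strtod(s, &discard);
}

int safe_num_parses_to(const char *s, double expected)
{
    double v;
    return safe_strtod(s, &v) == SAFE_NUM_OK && v == expected;
}

int main(void)
{
    /* Constructed inputs: two legitimate values and several that an untrusted
     * source (form field, mail header, document) might supply. */
    const char *samples[] = { "3.14", "-2e10", "", "0x1p3", "nan", "1.2.3",
                              "1e400",
                              "99999999999999999999999999999999999999999999"
                              "99999999999999999999999999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double v = 0.0;
        safe_num_status st = safe_strtod(samples[i], &v);
        printf("%-20.20s -> status %d value %g\n", samples[i], (int)st,
               st == SAFE_NUM_OK ? v : 0.0);
    }
    return 0;
}
```

The wrapper narrows what the library's number parser is exposed to; it does not remove the bug, and only a patched libc does that, so it belongs in application code that parses numbers from the network or from documents, not in place of the vendor update.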
The report also states that both local and remote exploits are possible. That means an attacker who is an authenticated user with access to the system can exploit the flaw, and an attacker can also remotely take over a vulnerable application without needing access to the system or the local network.
All Mac OS X users, please keep your eyes open for any malware that attempts to exploit any vulnerability. I hope Apple will take this matter very seriously and inject a fix as soon as possible.