The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
heise Uncovers Leopard DoS Flaw

heise Uncovers Leopard DoS Flaw

by , 10:30 AM EST, December 10th, 2007

heise Security revealed on Monday that Apple's Mac OS X 10.5 operating system contains a security flaw that could allow an attacker to crash the system through a denial of service attack. The threat could allow an attacker to cause a kernel panic by taking advantage of an integer overflow when processing certain Mach-O binaries.

Macs with only one user account should be immune to potential attacks. For multi-user setups, however, the threat could be exploited even if the user doesn't have administrative level access because it does not require special privileges.

heise claims the flaw exists in Mac OS X 10.4.11, 10.5, and 10.5.1, and that Apple has not yet issued a fix. There are no know instances of this threat being used.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Guest
Subject: Hmmm

According to the article:

"Single user systems should not be at risk as the bug can only be exploited by users logged onto a system."

You have to already be logged on to the system to cause a problem. If I have direct authorized access to a system, I can do all kinds of things to it. I suppose this ought to be fixed, but I don't see it being a very serious problem before it does get fixed.

Close Name:Mikuro Posts: 457 Joined: 15 Jun 2002
Subject:

Quote
Guest wrote:
If I have direct authorized access to a system, I can do all kinds of things to it..

Well, only if you're an administrator. Normal users should not be able to do much of anything to the system as a whole. If they can, it's only through bugs like this.

Close Name:Guest
Subject:

Nobody should be running an OS with a single user. That means that one user would would have to be an administrator, and running under an administrator account for your daily tasks is just begging to be a victim.

Comment on this Article


You cannot edit your comments.   You cannot delete your comments.

Comments are currently closed. Please email the author instead.


Recent Headlines - Updated July 9th

Thu, 4:29 PM
News - SEC Investigating Jobs Health Disclosures
3:50 PM
Ted Landau's User Friendly Blog - User Interface Blues
3:42 PM
Reports - Chrome OS Complicates Apple & Google Boards of Directors
1:08 PM
Deal Brothers - Life ‘09 Software Drops to $59.99 Delivered
11:06 AM
News - TechRestore Posts Stop-motion iPhone 3GS Breakdown
10:17 AM
Hot Forum Topic - Parallels versus Fusion: Reader Favorites
9:32 AM
Product News - LaCie Unveils LaCinema Rugged HD Multimedia Hard Drive
8:54 AM
Product News - CheckUp 2.5 Adds Snow Leopard, New Mac Support
8:37 AM
News - Latest Microsoft Ad Hits at MacBook Price Again
8:06 AM
TMO Appearances - TMO’s Jeff Gamet Dives into Social Media at CoMUG
7:30 AM
The Back Page - Looking Ahead at the App Store’s Future
Wed, 6:48 PM
Games - Pipe Mania Puzzle Game Released for Mac, iPhone

The Mac Observer Reader Specials

  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!