FrSIRT Reports Mac Denial of Service Flaw

The computer security watchdog group FrSIRT is reporting a new potential security threat to Mac OS X that could result in a denial of service attack. The threat takes advantage of a flaw in the kevent() function when registering certain kernel events and allows local unprivileged users to cause the system to panic.

The attack requires direct access to the affected computer, so the threat of theft or physical vandalism is probably greater than the potential for a denial of service attack.

This security threat impacts Mac OS X10.4.8 and earlier, and Apple has not yet released a security update to fix the issue. It is considered low risk, and there are currently no known instances of the exploit being used.