Immunity Reports Four Security Flaws in Panther

Four security flaws have been found and publicly reported by security firm Immunity. The flaws were all found in Darwin, the open source kernel for Mac OS X, and involve memory-related issues, including a "text book case" of a stack overflofindings. "

The vulnerabilities

  • searchfs() Mac OS X specific system call
  • semop() system call kernel stack overflow
  • Several inherited kernel overflows from older BSD systems
  • Is a simple logic bug in the setuid binary /usr/bin/at.

According to ZDNet, which first reported the announcement from Immunity, Apple was not notified of the flaw before Immunity made its findings public. In most circumstances, researchers typically notify the operating system provider in order to give it time to correct the problem.

Immunity also said that it was working on producing reliable exploits for the vulnerabilities.

ZDNet also reported that David Aitel, founder and security consultant for Immunity said that the bugs mostly affect Mac OS X systems being used as remote systems with multiple users, and that they were not overly important to normal desktop users.

At press time, spokespersons from Apple and Immunity were not available for comment.