heise Uncovers Leopard DoS Flaw

heise Security revealed on Monday that Appleis Mac OS X 10.5 operating system contains a security flaw that could allow an attacker to crash the system through a denial of service attack. The threat could allow an attacker to cause a kernel panic by taking advantage of an integer overflow when processing certain Mach-O binaries.

Macs with only one user account should be immune to potential attacks. For multi-user setups, however, the threat could be exploited even if the user doesnit have administrative level access because it does not require special privileges.

heise claims the flaw exists in Mac OS X 10.4.11, 10.5, and 10.5.1, and that Apple has not yet issued a fix. There are no know instances of this threat being used.