On mySimon: Premium Ankle Weights
BNET Business Network:
BNET
TechRepublic
ZDNet
99 TalkBacks

By Robert Lemos
Posted on ZDNet News: Jan 19, 2005 1:40:00 AM

A source-code audit of the open-source operating system from which Apple Computer borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple's software, a security company said Monday.

The flaws in Darwin affect Mac OS X version 10.3--dubbed Panther--and are caused by memory errors in the kernel, according to an advisory released by ImmunitySec, the security company that found the flaws.

"In terms of criticalness, this kind of bug mostly affects remote systems with multiple users," said David Aitel, founder and security consultant with ImmunitySec, adding that since Mac OS X is most often used on the desktop, the flaws will not be overly important on most people's systems.

The company originally found the flaws in June and published them to a private list of customers but did not notify Apple. It published the flaws on Monday, after presenting them at a seminar.

Apple confirmed that it had not been told of the flaws and said it was analyzing the vulnerabilities but would not elaborate.

ImmunitySec found the flaws by analyzing the publicly available source code of the Darwin operating system, which implements a variant of Unix known as BSD. Darwin forms the core of Apple's modern Mac OS X operating system, and the flaws found by the security company also affected Apple's operating system.

The flaws include a bug in Mac OS X's SearchFS function, several kernel memory overflows and a logic bug in the AT command, which is used to schedule tasks by the operating system.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 99 Talkback(s)
Overcome Flaws
Windows 7 is a new operating system which is stated by Microsoft to not have flaws of Vista in it. This is Vista's new rival. So rather than buying a Streaming Server that will flaw according to error... (Read the rest)
Posted by: gracioustinker Posted on: 11/16/07 You are currently: a Guest | | Terms of Use
Its only the beginning  rcark01 | 01/18/05
At least there's accountability  rpmyers1 | 01/18/05
Hmm  markbn | 01/18/05
??  rcark01 | 01/19/05
I'm not a Mac user, but...  Mack DaNife | 01/19/05
issue  rcark01 | 01/19/05
Those are the only ways of getting a virus?  tic swayback | 01/19/05
Not even email...  MacCanuck | 01/20/05
Well NOBODY has ever said that Linux, or OSX was  Laff | 01/19/05
Are you reading the same article as I am ?  JJ_z | 01/19/05
Well MS over the years has had pleanty of PAID  Laff | 01/19/05
Actually the fact that there has been so many Windows patches...  ShadeTree | 01/19/05
Well there we go again....Yes the volume of users is  Laff | 01/19/05
Short memory there, Rev.  rapson | 01/19/05
Oops my bad..what I should have said is that I have  Laff | 01/19/05
Overcome Flaws  gracioustinker | 11/16/07
And the ratio is what....  BitTwiddler | 01/19/05
Jeez Louise!  MacGeek2121 | 01/19/05
This is a good thing...  AC_MA | 01/19/05
Hear Hear  Roger Ramjet | 01/19/05
Firefox?  rpmyers1 | 01/19/05
XP SP2  Roger Ramjet | 01/19/05
How does it feel to be a liar?  NonZealot | 01/19/05
Thanks for calling him out  dstinson_z | 01/19/05
Merely a single incident  Roger Ramjet | 01/19/05
Now your words come back to haunt you  NonZealot | 01/19/05
Dear M$hill  Roger Ramjet | 01/19/05
I'll give you credit, you did explain your "logic"  NonZealot | 01/19/05
Yes, Mr. NonZealous Zealot, let's continue!  Jeff Spicoli | 01/19/05
Mr Zealot  Roger Ramjet | 01/19/05
Mr. LALALALALA I don't want to hear the truth  NonZealot | 01/19/05
0 for 2 Roger  tic swayback | 01/19/05
Spell Checker  Roger Ramjet | 01/20/05
Re: XP SP2  rpmyers1 | 01/19/05
Barrier to entry  Roger Ramjet | 01/20/05
Hear hear  venve@... | 01/19/05
Not so much  Roger Ramjet | 01/19/05
Kernel  PA-ITGuy | 01/19/05
Good Question  Roger Ramjet | 01/19/05
Sounds to me ...  PA-ITGuy | 01/19/05
Considering the source  Roger Ramjet | 01/19/05
I KNOW WHAT THE PROBLEM IS!!  NonZealot | 01/19/05
You got that right!  Roger Ramjet | 01/20/05
But is it good HOW they released it  FilledOut | 01/19/05
Apple not alerted???  macnut_z | 01/19/05
Of course it has  rapson | 01/19/05
public service announcement  buddhistMonkey | 01/19/05
No...  rapson | 01/19/05
The only ones i remember  doh123 | 01/19/05
You can try to paint it any way you want but ...  ShadeTree | 01/19/05
The question will always be "Which is more secure?"  Laff | 01/19/05
While Windows users are busy patching...  ShadeTree | 01/19/05
OSX/Linux is still more secure  php_developer | 01/19/05
It is just that belief and prejudice that leads to...  ShadeTree | 01/19/05
I don't know about your patching habits but I do  Laff | 01/19/05
Just for the record  rapson | 01/19/05
More than likely Carl it is the fact that Windows is used  Laff | 01/19/05
Well,  rapson | 01/19/05
It happend where I work now ONCE....and only once  Laff | 01/19/05
I concur  NonZealot | 01/19/05
I had it happen myself  Monkey_MCSE | 01/19/05
and there's where you screwed up shade...  Monkey_MCSE | 01/19/05
And what happens...  rapson | 01/19/05
By the time they can switch...  Monkey_MCSE | 01/19/05
Good points... but  NonZealot | 01/19/05
A kernel memory overflow...  ShadeTree | 01/19/05
Case in point  tic swayback | 01/19/05
Winners and losers  rapson | 01/19/05
Once again you misunderstand me....  Laff | 01/19/05
No misunderstanding  rapson | 01/19/05
So true Carl....So true:) I prefer calling them false  Laff | 01/19/05
At last!  mtifo@... | 01/19/05
Oh,man...  rapson | 01/19/05
Yup  Jeff Spicoli | 01/19/05
How does ImmunitySec make money?  James LeMay | 01/19/05
The answer is simple  ShadeTree | 01/19/05
Well first is like Day One you notify you paying clients  Laff | 01/19/05
Jumping to conclusions  rapson | 01/19/05
Oncee again right on the money there Carl..but still  Laff | 01/19/05
Well, this was pretty silly...  BitTwiddler | 01/19/05
Funny how this article...  MacCanuck | 01/19/05
Our bread is buttered...  S.Howard-SarinZDNet Moderator | 01/19/05
It must be frustrating...  NonZealot | 01/19/05
Ever thought  rkadowns | 01/19/05
Don't give Windows too much credit  S.Howard-SarinZDNet Moderator | 01/19/05
No, it's frustrating...  MacCanuck | 01/19/05
Yet another liar!!  NonZealot | 01/19/05
Did you go to the Vily School of Debate? happy  MacCanuck | 01/19/05
Thanks for replying  NonZealot | 01/19/05
Forgot to add responsibility...  MacCanuck | 01/19/05
Well..  Jeff Spicoli | 01/19/05
Can you please do whatever it takes...  Jeff Spicoli | 01/19/05
That's it  rkadowns | 01/19/05
And ?  michael-t | 01/19/05
Silence is DEAFENING  Roger Ramjet | 01/19/05
Aiding and abetting criminal activity  viswakarma | 01/19/05
wrong version  uchuugaka | 01/19/05
Apple want's a free ride  alan.m@... | 01/21/05
I'm sick of X minutes stories  Winfan | 01/22/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here