VIA Root
'High-risk' vulnerability on Mac OS X more like 'no-risk'
By Hugo Jean, Heptacube Inc.
macosx
2010-01-11 13:00:37

The whole story started in June 2009 when a vulnerability was published under CVE reference CVE-2009-0689:
"Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number."
The vulnerability in Unix-based FreeBSD and NetBSD was addressed shortly after, and Mozilla and others followed.
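As an added example (not part of the original article, and not code from any of the affected libraries), here is an application-side check for the condition the CVE text describes: a printf format string whose floating-point conversion carries a large precision value. The names `max_float_precision` and `precision_within_limit` and the limit of 64 are assumptions chosen for illustration, and the check complements a patched libc rather than replacing it.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define PREC_NONE    (-1L) /* no float conversion carries an explicit precision */
#define PREC_DYNAMIC (-2L) /* precision passed as '*': only known at run time */

/* Largest literal precision on any floating-point conversion in fmt. */
long max_float_precision(const char *fmt) {
    long worst = PREC_NONE;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                      /* literal "%%" */
        const char *q = p;
        while (isdigit((unsigned char)*q)) q++;
        if (q > p && *q == '$') p = q + 1;              /* POSIX "%n$" argument index */
        while (*p && strchr("-+ #0'", *p)) p++;         /* flags */
        while (isdigit((unsigned char)*p) || *p == '*' || *p == '$') p++; /* width */
        long prec = PREC_NONE; int star = 0;
        if (*p == '.') {
            prec = 0;                                   /* "%.f" means precision 0 */
            if (*++p == '*') { star = 1; p++; }
            for (; isdigit((unsigned char)*p); p++)     /* saturate, never overflow */
                prec = prec > (LONG_MAX - 9) / 10 ? LONG_MAX : prec * 10 + (*p - '0');
            if (star && *p == '$') p++;                 /* "%1$.*2$f" */
        }
        while (*p && strchr("hlLjzt", *p)) p++;         /* length modifiers */
        if (!*p) break;                                 /* truncated directive */
        if (!strchr("eEfFgGaA", *p)) continue;          /* only float conversions matter */
        if (star) return PREC_DYNAMIC;
        if (prec > worst) worst = prec;
    }
    return worst;
}

/* 1 if every float precision is a literal no larger than limit, else 0. */
int precision_within_limit(const char *fmt, long limit) {
    long p = max_float_precision(fmt);
    return p == PREC_NONE || (p >= 0 && p <= limit);
}

int main(void) {
    const char *s[] = { "%8.3Lf", "%.100000e", "%.*f" }; /* constructed samples */
    for (int i = 0; i < 3; i++)                          /* 64: assumed policy limit */
        printf("%-10s %s\n", s[i], precision_within_limit(s[i], 64) ? "accept" : "reject");
    return 0;
}
```

A format string that reports `PREC_DYNAMIC` is rejected here because its precision arrives as an argument; in that case the bound has to be enforced on the argument at the call site.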

Mac OS X is not cited in the CVE reference but since it is based on the same Unix code that contains the target files, it has been assumed that its reaction to the PoC would be similar. Maksymilian Arciemowicz and sp3x have therefore posted the PoC on Security Reason as "MacOS X 10.5/10.6 libc/strtod(3) buffer overflow".

But when looking deeper into it, the authors do point out that "it is true that the examples presented in the previous notes, using the printf (1) do not work under MacOS X", but that "this does not mean the MacOSX C library is safe."

So it does not seem that the Proof of Concept proves any concept at all. Instead, it indirectly accuses Apple of not addressing a six-month-old issue, even though Apple does not really have to, since its software is not affected by the code.

Also, even if the code did work, it would result in a simple (yet potentially grave) buffer overflow. A remote attacker most probably would not be able to exploit the vulnerability through this piece of code, as InformationWeek claims.

Finally, when looking at article titles like DarkReading's "Researcher Rates Mac OS X Vulnerability 'High'", one must be careful and verify the sources of the news, since the media sometimes have a tendency to omit important details.












Tags
Apple exploit Mac OSX PoC