3 Vulnerabilities in Apple Mac OS X



Two vulnerabilities have been identified in Apple Mac OS X, which could be exploited by local attackers to execute arbitrary code or cause a denial of service.


The first flaw is due to an integer overflow error in the “fatfile_getarch2()” function when processing a malformed Mach-O Universal binary, which could be exploited by malicious users to obtain elevated privileges via a specially crafted Mach-O Universal file.


The second issue is due to a memory corruption error when handling Mach-O binaries with malformed “load_command” structures, which could be exploited by local attackers to cause a denial of service or potentially gain elevated privileges.
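The first flaw above is an integer overflow while parsing a Universal (fat) header. As an added example (not code from the advisory or from Apple), this C sketch shows overflow-safe validation of such a header. The advisory does not say which field overflows, so the sketch checks all of the size arithmetic; the layout is the public fat_header/fat_arch format, and `fat_validate` and the sample buffers are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define FAT_MAGIC     0xcafebabeU /* magic of a Universal (fat) binary */
#define FAT_HDR_SIZE  8U          /* magic + nfat_arch */
#define FAT_ARCH_SIZE 20U         /* cputype, cpusubtype, offset, size, align */

/* Fat headers are stored big-endian regardless of host byte order. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical validator: 0 if every slice lies inside buf, else < 0. */
int fat_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < FAT_HDR_SIZE) return -1;
    if (be32(buf) != FAT_MAGIC) return -2;
    uint32_t nfat = be32(buf + 4);
    /* Divide rather than multiply: nfat * 20 can wrap in 32 bits. */
    if (nfat == 0 || nfat > (len - FAT_HDR_SIZE) / FAT_ARCH_SIZE) return -3;
    size_t table_end = FAT_HDR_SIZE + (size_t)nfat * FAT_ARCH_SIZE;
    for (uint32_t i = 0; i < nfat; i++) {
        const uint8_t *a = buf + FAT_HDR_SIZE + (size_t)i * FAT_ARCH_SIZE;
        uint32_t off = be32(a + 8), size = be32(a + 12);
        if (off < table_end || off > len) return -4; /* overlaps table or past EOF */
        if (size > len - off) return -5;             /* subtract: off + size can wrap */
    }
    return 0;
}

/* Constructed samples: 8-byte header, one fat_arch entry, 4 bytes of slice data. */
#define ARCH_PREFIX 0,0,0,7, 0,0,0,3, 0,0,0,28
static const uint8_t sample_ok[32]   = {0xca,0xfe,0xba,0xbe, 0,0,0,1, ARCH_PREFIX, 0,0,0,4};
/* nfat_arch = 0x0CCCCCCD: times 20 is 0x100000004, which truncates to 4. */
static const uint8_t sample_wrap[32] = {0xca,0xfe,0xba,0xbe, 0x0c,0xcc,0xcc,0xcd, ARCH_PREFIX, 0,0,0,4};
/* size = 0xFFFFFFF0: offset + size wraps to 12 in 32 bits. */
static const uint8_t sample_size[32] = {0xca,0xfe,0xba,0xbe, 0,0,0,1, ARCH_PREFIX, 0xff,0xff,0xff,0xf0};

int main(void) {
    printf("ok=%d wrap=%d size=%d\n", fat_validate(sample_ok, 32),
           fat_validate(sample_wrap, 32), fat_validate(sample_size, 32));
    return 0;
}
```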


Affected Products
Apple Mac OS X version 10.4.8 and prior


Solution
The FrSIRT is not aware of any official supplied patch for this issue.




A vulnerability has been identified in Apple Mac OS X, which could be exploited by local attackers to cause a denial of service. This flaw is due to an error in the “kevent()” [kern/kern_event.c] function when registering certain kernel events, which could be exploited by malicious local unprivileged users to panic a vulnerable system, creating a denial of service condition.


Affected Products
Apple Mac OS X version 10.4.8 and prior


Solution
The FrSIRT is not aware of any official supplied patch for this issue.
