We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,944 News Articles

More Mac OS X vulnerabilities revealed

Apple plans to deal with them soon

A security researcher has released code that exploits a number of recently discovered and unpatched bugs in Mac OS X.

The software was made available last Friday by independent researcher Tom Ferris. It can be used to crash applications or even run unauthorised code on the Mac by taking advantage of bugs in Safari and Mac OS X. Ferris's 'proof-of-concept' code exploits seven bugs.

Apple has already been informed of the bugs and plans to fix them in "the next security release", Ferris said in a posting to his Security-protocols.com blog.

"There [seem] to be some problems with the claimed solid-as-a-rock Unix OS," he wrote on his blog. "Getting Safari to crash in many different spots is trivial, while Firefox is very tough."

As Apple's star shines brighter, Mac OS X has been attracting more interest from security researchers such as Ferris. In February a number of malicious malware applications, including one called OSX/Leap, were released.

The Sans Institute's Internet Storm Center rated Ferris's bugs as "highly critical", and warned that there are no patches or workarounds available for the majority of them.

Ferris also made headlines earlier this year when he discovered a bug in the Internet Explorer 7.0 Beta 2.0 preview within minutes of it being released.

Apple representatives were not immediately available to comment for this story.


IDG UK Sites

Amazon 3D smartphone release date, price and spec: The hologram phone?

IDG UK Sites

You're never alone with a clone: How the App Store got taken over by copycats

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

Come together to learn: the secrets of the best design talks, conferences and courses