It isn’t daily that you get to hear of security vulnerabilities in Apple’s OS X. Even if security flaws are discovered in OS X, they are rarely exploited for malicious reasons unlike in Windows where viruses are widely available. Recently, a proof of concept code has been made available online that allows a vulnerability to be exploited in OS X 10.5 (Leopard) and 10.6 (Snow Leopard). According to DailyTech, the vulnerability is a “buffer overflow error that arises from the strtod function in the underlying Unix code used for the Mac OS.” This security flaw can allow a remote attacker to take over the system.
SecurityReason has marked this vulnerability as highly critical but it hasn’t proven to be dangerous for users ever since last June, when it was first discovered by Maksymilian Arciemowicz. Several third party software such as Google Chrome and Firefox were also vulnerable to this exploit but they’ve been patched since then.
Strange to see Apple haven’t bothered fixing this security flaw despite several updates to OS X since June 2009. Hopefully 10.6.3 might include a fix.