The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

Featured Article:

heise Uncovers Leopard DoS Flaw

by , 10:30 AM EST, December 10th, 2007

heise Security revealed on Monday that Apple's Mac OS X 10.5 operating system contains a security flaw that could allow an attacker to crash the system through a denial of service attack. The threat could allow an attacker to cause a kernel panic by taking advantage of an integer overflow when processing certain Mach-O binaries.

Macs with only one user account should be immune to potential attacks. For multi-user setups, however, the threat could be exploited even if the user doesn't have administrative level access because it does not require special privileges.

heise claims the flaw exists in Mac OS X 10.4.11, 10.5, and 10.5.1, and that Apple has not yet issued a fix. There are no know instances of this threat being used.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Guest
Mon Dec 10, 2007 1:46 pm Subject: Hmmm

According to the article:

"Single user systems should not be at risk as the bug can only be exploited by users logged onto a system."

You have to already be logged on to the system to cause a problem. If I have direct authorized access to a system, I can do all kinds of things to it. I suppose this ought to be fixed, but I don't see it being a very serious problem before it does get fixed.


 Reply | Quote
Close Name:Mikuro Posts: 457 Joined: 15 Jun 2002
Mon Dec 10, 2007 5:20 pm Subject:

Quote
Guest wrote:
If I have direct authorized access to a system, I can do all kinds of things to it..

Well, only if you're an administrator. Normal users should not be able to do much of anything to the system as a whole. If they can, it's only through bugs like this.


 Reply | Quote
Close Name:Guest
Wed Dec 12, 2007 11:54 am Subject:

Nobody should be running an OS with a single user. That means that one user would would have to be an administrator, and running under an administrator account for your daily tasks is just begging to be a victim.


 Reply | Quote
Comment on this Article


Guest Posts Visible. Hide Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.

Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.

Recent Headlines - Updated January 9th

Thu, 5:56 PM
Macworld Expo 2009 - Orbicule Announces Undercover 3 with Location Technology
5:49 PM
News - TOM BIHN, Waterfield Designs Release 17” Unibody MacBook Pro Notebook Cases
3:50 PM
Macworld Expo 2009 - Targus Shows File Share Cable for Mac
3:40 PM
Macworld Expo 2009 - Blackmagic Demonstrates Video Recorder
3:14 PM
News - Microvision Demonstrates SHOW WX Laser Projector
2:53 PM
Just a Thought - First Time: A Closer look at Macworld and San Francisco
12:35 PM
News - Mac Gamers Can Now Fight For Good or Evil in City of Heroes
12:12 PM
News - EVE Online to Expand the Known Universe in March
11:53 AM
News - Feral to Ship Rome: Total War Gold in March
11:19 AM
News - Freeverse Says Commander: Napoleon at War is on the March
10:34 AM
News - Whither Macworld Expo?
9:47 AM
News - Paragon Issues 30 ‘Talking’ Dictionaries

The Mac Observer Reader Specials