Content

Five new vulnerabilities in Mac OS X

A researcher has discovered a new round of holes in Mac OS X, further proof that hackers are starting to look beyond the Windows landscape for exploit opportunities.

The flaws, discovered by Tom Ferris of the Security-Protocols blog, can lead to DoS attacks, said monitoring service Secunia, which rated the vulnerabilities highly critical on Friday.

Some of the errors can be exploited when the Safari browser processes malformed HTML tags or GIF images on a malicious website or when Safari decompresses malformed ZIP archives in the Finder.

Ferris, who included proof-of-concept exploit code in his posting, said he notified Apple about the flaws early this year and has been told they "will be fixed in the next security release."

As users await patches, Secunia recommends they avoid untrusted websites and do not open ZIP archives or images originating from unknown sources.

Experts have warned that as Apple's market share increase, the Mac OS X will continue to present an inviting target for malicious attackers. The Cupertino, Calif. computing giant already has issued three security updates this year, including one that patched 20 flaws and provided a "security enhancement" for the first Mac OS X virus, Leap.A.

Attacks against alternative Unix-based systems – including Apple – are rapidly growing, according to a Kaspersky Lab report issued last week.

An Apple spokesman could not be reached for comment today.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.