By Thomas Claburn
InformationWeek
January 8, 2010
Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and
10.6 of Apple's Mac OS X operating system.
The vulnerability is a potential buffer overflow error arising from the use of the strtod function Mac OS X's underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.
SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.
SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.
A spokesperson for SecurityReason wasn't immediately available to characterize the likelihood that this vulnerability could be exploited.