Apache security leak: a follow-up
Apache security leak: a follow-up
"This follow-up to our earlier advisory is to warn of known-exploitable conditions related to this vulnerability on both 64-bit platforms and 32-bit platforms alike. Though we previously reported that 32-bit platforms were not remotely exploitable, it has since been proven by Gobbles that certain conditions allowing exploitation do exist. The Apache Software Foundation has released versions 1.3.26 and 2.0.39 that address and fix this issue, and all users are urged to upgrade immediately."
Although we admit to being still a bit uncertain, it appears that Mac platforms are vulnerable to this. Several readers have complained that Apple is not staying current with this matter, as its Security Updates page has not been updated to include this information.