Mac OS X Mach-O Universal Binary Memory Corruption

Secunia reports on a newly discovered vulnerability in Mac OS X that allows local users to potentially cause denial or service or gain escalated user privileges. 

The report states:

"the vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary.

"The vulnerability is reported in a fully patched Mac OS X (2006-11-26). Other versions may also be affected."

The common sense solution explicated by Secunia in this case is to provide only trusted users access to the system.

Feedback? Late-breakers@macfixit.com.

Resources