ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

OS X evolves with Darwin flaws

Published: 19 Jan 2005 08:55 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A source-code audit of the open-source operating system from which Apple borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple's software, a security company said on Monday.

The flaws in Darwin affect Mac OS X version 10.3 -- dubbed Panther -- and are caused by memory errors in the kernel, according to an advisory released by ImmunitySec, the security company that found the flaws.

"In terms of criticalness, this kind of bug mostly affects remote systems with multiple users," said David Aitel, founder and security consultant with ImmunitySec, adding that since Mac OS X is most often used on the desktop, the flaws will not be overly important on most people's systems.

The company originally found the flaws in June and published them to a private list of customers but did not notify Apple. It published the flaws on Monday, after presenting them at a seminar.

Apple confirmed that it had not been told of the flaws and said it was analysing the vulnerabilities but would not elaborate.

ImmunitySec found the flaws by analysing the publicly available source code of the Darwin operating system, which implements a variant of Unix known as BSD. Darwin forms the core of Apple's modern Mac OS X operating system, and the flaws found by the security company also affected Apple's operating system.

The flaws include a bug in Mac OS X's SearchFS function, several kernel memory overflows and a logic bug in the AT command, which is used to schedule tasks by the operating system.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
34 out of 84 people found this useful


Talkback

Post a comment


Full Talkback thread

2 comments

  1. First of all, it ,puzzles me how security firms ca... Anonymous
  2. Once a version is released as open source, th... James Stansell

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

SAP ABAP - Thames Valley

IDOC processing SAP Script / Smart Forms SAP Enhancements/Modifications - User exits (Function Exits, Screen Exits), BADIs -SAP PLM knowledge (BOM, ...

Oracle Technical Architect

These tasks should include, but not be limited to, requirements analysis, applications architecture impact on the current baseline ...

WeSphere Architect

You'll also work with both the business and IS to implement messaging solutions based on a SOA, taking responsibility for analysing business ...

Featured Talkback

So if you upgrade to XP SP3 you can't uninstall Internet Explorer, I'm quite sure I'm having a Deja-vu feeling about MS preventing people from uninstalling Internet Explorer in other Windows products.

By: TheKLF99

Read full story:
Upgraders to XP SP3 warned over IE downgrades

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.