Stan Beer
Monday, 15 May 2006 19:22
French security research group FrSIRT has outlined in detail 43 vulnerabilities across the Mac OS X operating system and Apple's QuickTime media player, some of which could hand over complete control of a user's system.
In two recently released notifications, FrSIRT stated:
"Apple has released security updates to address thirty-one
vulnerabilities identified in Mac OS X. These flaws could be exploited
by attackers to execute arbitrary commands, bypass security
restrictions, disclose sensitive information, or cause a denial of
service," and "twelve vulnerabilities have been identified in Apple
QuickTime, which could be exploited by remote attackers to take
complete control of an affected system."
An example of a critical hole in the Mac OS X system is a "vulnerability
due to an error in the bundle API that allows dynamic libraries to load
and execute when a bundle is registered even if the client application
does not explicitly request it, which could be exploited by attackers
to execute arbitrary code from an untrusted bundle without user
interaction." The full list of 31 vulnerabilities in detail can be
found here.
The QuickTime vulnerabilities mainly involve exploitation associated
with visiting malicious web pages. The full list of 12
vulnerabilities in detail can be found here.
Mac users may not like to hear that their systems are vulnerable to
attack, but Apple itself has done the right thing and published the
vulnerabilities with security updates - just like Microsoft does with
Windows. Hopefully, they won't have to do it on a Tuesday of each
month.