New Mac OS X Denial of Service Vulnerabilities

FrSIRT has published information about a new denial of service vulnerability it has discovered in Mac OS X. As they say, “This issue is caused by errors in the ‘cs_validate_page()’ function when processing return values of ‘hashes()’, which could be exploited by malicious users to panic a vulnerable system and create a denial of service condition via a specially crafted Mach-O binary.”

What this means is that a malicious user could make your Mac unusable. The best-known form of denial of service occurs when a computer receives too many requests on a network and its processor becomes overloaded: there have been cases when hundreds or even thousands of computers have been used to “attack” a specific web site, all sending requests at the same time, so the server cannot respond. Denial of service can also affect individual computers, and in this case the trigger is a specially crafted Mach-O binary that panics the system rather than a flood of network requests. However, the risk is very low that someone would bother to attack a given Mac, unless it is being used as a server.

At the same time, another denial of service vulnerability has been found. This “flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.”

Kernel panics are more troubling, as you lose all your work when this occurs. If you’ve never seen one, it looks like this:

When this occurs, you have to force-shut-down your Mac by pressing and holding the power button. It’s the worst type of crash, because you’ll lose any unsaved files.
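The integer-overflow class named in the second advisory, shown as an added example (not xnu's code and not from the original post): a bounds-checked walk over the flavor/count/state records that follow a Mach-O thread command header. The page does not say where in load_threadstack the overflow occurs; the function name `count_thread_states`, the sample arrays and the assumption that the flaw lies in a size computation over an untrusted count are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Walk the (flavor, count, state[count]) records that follow the 8-byte
 * header of an LC_THREAD / LC_UNIXTHREAD load command. `buf` and `len`
 * describe those untrusted bytes, in host byte order.
 * Returns the number of records, or -1 if the data is malformed. */
int count_thread_states(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int records = 0;

    while (off < len) {
        uint32_t hdr[2];                 /* hdr[0] = flavor, hdr[1] = count */

        /* Need a full record header. Compare against the remaining bytes
         * by subtraction so the check itself cannot overflow. */
        if (len - off < sizeof(hdr))
            return -1;
        memcpy(hdr, buf + off, sizeof(hdr));   /* avoids unaligned reads */
        off += sizeof(hdr);

        /* Unsafe form: (count + 2) * 4 in 32-bit arithmetic wraps for large
         * counts (count = 0xFFFFFFFF yields 4), so a "bytes left" counter
         * would accept the record. Divide instead of multiplying. */
        if (hdr[1] > (len - off) / sizeof(uint32_t))
            return -1;
        off += (size_t)hdr[1] * sizeof(uint32_t);
        records++;
    }
    return records;
}

/* Constructed samples: one well-formed record, one with an oversized count. */
static const uint32_t sample_ok[]  = { 1, 2, 0xAAAAAAAA, 0xBBBBBBBB };
static const uint32_t sample_bad[] = { 1, 0xFFFFFFFF, 0, 0 };

int main(void)
{
    printf("ok:  %d\n", count_thread_states((const uint8_t *)sample_ok,
                                            sizeof sample_ok));
    printf("bad: %d\n", count_thread_states((const uint8_t *)sample_bad,
                                            sizeof sample_bad));
    return 0;
}
```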
