Earlier today SecurityReason released a proof of concept for the memory corruption vulnerability in libc's gdtoa code, the floating-point conversion routines that printf() relies on when formatting values with %f, %e and %g. The bug is an array index overflow: a size class derived from the number of digits a caller requests is used to index a fixed-size table, and an extremely large requested precision pushes that index past the end of the table. It was first reported by researcher Maksymilian Arciemowicz last June.
The advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and Mac OS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon. While most of the above projects have addressed the issue Apple seems to be lagging behind.
Although this may appear to be limited to a local system, the trigger is nothing more than a printf-style conversion with a very large precision, so any program that lets untrusted input influence that precision, or that carries its own copy of the gdtoa routines (as the affected browsers do), exposes it to remote content. Apple's Safari browser has had its share of trouble with malicious code from illicit web sources in the past. Even granting that an end user might have to allow the code to run in the first place, there is little reason for Apple not to issue a patch as soon as possible; in the meantime, developers shipping on Mac OS X should cap or reject any precision value that comes from outside the program before it reaches the printf family.
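To make the bug class concrete, here is an added example that is not code from SecurityReason, the advisory, or any of the affected projects: a constructed, much simplified model of a dtoa-style allocator that picks a power-of-two size class from the requested digit count and uses that class to index a freelist table. KMAX, PRECISION_CAP, the struct layout and the function names are all assumptions of this model, not values from gdtoa or any vendor. It shows the unchecked indexing pattern, the bounds check that closes it, and the application-side clamp a practitioner can apply while waiting for a vendor patch.

```c
/*
 * Constructed illustration (not gdtoa's code): a size-class allocator whose
 * freelist is indexed by a value derived from the caller's requested
 * precision. The unchecked form reproduces the shape of the bug; the
 * checked form is the fix; format_double_bounded() is the caller-side
 * mitigation for systems that are still unpatched.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KMAX 15                  /* assumed: highest valid size class */
#define PRECISION_CAP 64         /* assumed policy limit for untrusted precision */

struct block {
    struct block *next;          /* freelist link while the block is free */
    int k;                       /* size class, remembered for bfree_checked() */
    unsigned char data[];        /* 2^k bytes of payload follow */
};

static struct block *freelist[KMAX + 1];   /* one list head per size class */

/* Smallest k with 2^k >= bytes, the way a dtoa-style rv_alloc picks a class.
 * Nothing here bounds k: a huge `bytes` yields k > KMAX. */
int size_class(size_t bytes)
{
    int k = 0;
    size_t cap = 1;
    while (cap < bytes) { cap <<= 1; k++; }
    return k;
}

/* VULNERABLE pattern: freelist[k] is read and written without validating k.
 * With k > KMAX this touches memory past the end of freelist[]. Kept only to
 * show the shape of the bug; never call it with an unvalidated k. */
struct block *balloc_unchecked(int k)
{
    struct block *b = freelist[k];
    if (b) { freelist[k] = b->next; return b; }
    b = malloc(sizeof *b + ((size_t)1 << k));
    if (b) b->k = k;
    return b;
}

/* HARDENED form: refuse any class outside the table instead of indexing it. */
struct block *balloc_checked(int k)
{
    if (k < 0 || k > KMAX) return NULL;
    return balloc_unchecked(k);
}

/* Return a block to its freelist; the stored class is validated too. */
void bfree_checked(struct block *b)
{
    if (!b || b->k < 0 || b->k > KMAX) return;
    b->next = freelist[b->k];
    freelist[b->k] = b;
}

/* Caller-side mitigation: clamp untrusted precision before it reaches the
 * printf family. Returns the formatted length, or -1 on rejection/truncation. */
int format_double_bounded(char *dst, size_t dstlen, int precision, double v)
{
    if (precision < 0 || precision > PRECISION_CAP) return -1;
    int n = snprintf(dst, dstlen, "%.*f", precision, v);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

int main(void)
{
    /* A precision large enough that the digit buffer's size class falls
       outside the table: the unchecked allocator would index past it. */
    int k = size_class(300000);
    printf("precision 300000 -> size class %d (table holds 0..%d)\n", k, KMAX);
    printf("checked allocator: %s\n", balloc_checked(k) ? "allocated" : "rejected");

    char buf[128];
    printf("bounded format of precision 1000: %d\n",
           format_double_bounded(buf, sizeof buf, 1000, 1.5));
    return 0;
}
```

The point of the model is the distance between the two numbers: the table has sixteen slots, while an attacker-chosen precision of a few hundred thousand digits yields a class near twenty. The fix is a single comparison at the table boundary; the mitigation is the same comparison, applied one layer up, before an unpatched libc ever sees the value.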
Mac OS is the trademarked name for a series of graphical user interface-based operating systems developed by Apple Inc. In various forms it runs across Apple's product line, including Macintosh computers and servers, the iPhone and iPod touch, and Apple TV. Mac OS X is built on Darwin, whose XNU kernel combines Mach with a BSD layer, and its BSD subsystem and userland (libc and the affected gdtoa code among them) borrow heavily from FreeBSD, which makes it a cousin to both PC-BSD and DragonFly BSD.
The Macintosh user experience is credited with popularizing the graphical user interface. The original form of what Apple would later name the “Mac OS” was the integral and unnamed system software first introduced in 1984 with the original Macintosh, usually referred to simply as the System software.
