Several vulnerabilities in Mac OS X
LMH, the initiator of the Month of Kernel Bugs, is reporting two vulnerabilities in the Mac OS X kernel. Local users of Intel Macs can exploit one of them to escalate their privileges. Another vulnerability in Mac OS X, related to the loading of Mach-O binaries, can lead to memory corruption. LMH claims the error can be replicated even on Mac OS X systems with all current patches installed.
The error occurs when Mach-O binary files with correct mach_header structures, but malformed load_command data structures, are loaded. This can only be exploited by local users, although LMH did not indicate the severity of the hole. On a different note, specially prepared universal binaries can be used to provoke an integer overflow in the fatfile_getarch2() function. Attackers can potentially use this to execute arbitrary program code in kernel mode.
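The following C example is added here for illustration and is not Apple's kernel code or code from either advisory. It shows overflow-safe bounds checks for the header of a universal binary, using the layout from `<mach-o/fat.h>` (big-endian `magic`, `nfat_arch`, then 20-byte `fat_arch` entries). The names `fat_header_check` and `check_patched` and the sample bytes are constructed for this example, and since the report does not say which calculation overflows, the checks cover both the entry count and the offset/size fields.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FAT_MAGIC     0xcafebabeu /* universal binary magic, stored big-endian */
#define FAT_HDR_SIZE  8u          /* magic + nfat_arch */
#define FAT_ARCH_SIZE 20u         /* cputype, cpusubtype, offset, size, align */

/* Read a big-endian 32-bit value. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical validator: 0 if the fat header fits a file of len bytes,
 * -1 not a universal binary, -2 bad entry count, -3 bad slice bounds. */
int fat_header_check(const uint8_t *buf, size_t len) {
    if (len < FAT_HDR_SIZE || be32(buf) != FAT_MAGIC) return -1;
    uint32_t n = be32(buf + 4);
    /* Bound the count by division: n * FAT_ARCH_SIZE can wrap in 32 bits. */
    if (n == 0 || n > (len - FAT_HDR_SIZE) / FAT_ARCH_SIZE) return -2;
    size_t table_end = FAT_HDR_SIZE + (size_t)n * FAT_ARCH_SIZE;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *a = buf + FAT_HDR_SIZE + (size_t)i * FAT_ARCH_SIZE;
        uint32_t off = be32(a + 8), size = be32(a + 12);
        /* off + size can wrap; compare by subtraction instead of addition. */
        if (off < table_end || off > len || size > len - off) return -3;
    }
    return 0;
}

/* Constructed sample: 32-byte file, one slice at offset 28 with size 4. */
static const uint8_t sample[32] = {
    0xca, 0xfe, 0xba, 0xbe, 0, 0, 0, 1,               /* magic, nfat_arch = 1 */
    0, 0, 0, 7, 0, 0, 0, 3, 0, 0, 0, 28, 0, 0, 0, 4,  /* type, subtype, offset, size */
    0, 0, 0, 0                                        /* align */
};

/* Copy the sample, overwrite the 32-bit field at pos with v, and re-check. */
int check_patched(size_t pos, uint32_t v) {
    uint8_t b[sizeof sample];
    memcpy(b, sample, sizeof b);
    for (int i = 0; i < 4; i++) b[pos + i] = (uint8_t)(v >> (24 - 8 * i));
    return fat_header_check(b, sizeof b);
}

int main(void) {
    printf("valid sample:      %d\n", fat_header_check(sample, sizeof sample));
    printf("count 0x0ccccccd:  %d\n", check_patched(4, 0x0ccccccdu));  /* n*20 wraps to 4 */
    printf("size 0xfffffff0:   %d\n", check_patched(20, 0xfffffff0u)); /* off+size wraps to 12 */
    return 0;
}
```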
As yet, Apple haven't released updates to close the security holes. Although Apple users haven't had to be as careful in the past, they should now take the same precautions as Windows users when downloading executable files from peer-to-peer sites or questionable websites.
- Mac OS X Mach-O Binary Loading Memory Corruption, security advisory from LMH
- Mac OS X Universal Binary Loading Memory Corruption, bug advisory from the MoKB