Security researcher Tom Ferris has published details about seven security vulnerabilities in Apple's OS X operating system
Researcher challenges Apple's security record with seven bug disclosures

Seven unpatched OS X flaws exposed

OS X security image challenged

Tom Sanders in California

Security researcher Tom Ferris has published details about seven security vulnerabilities in Apple's OS X operating system, including proof-of-concept code. 

The most severe flaw affects the Safari browser, which could be targeted by attackers to execute code on a system or cause the browser to crash.

Advertisement

The other flaws were found in several OS X features. An attacker could, for instance, use a specially crafted Tiff image file to cause an image viewer or editor to crash. Similar issues affect the .bmp and .gif image file formats.

An error in the way that OS X handles archives such as Zip files creates an opportunity for attackers to crash applications or to execute arbitrary code.

The researcher gave one of the flaws a severity rating of 'high' and rated the remaining six 'medium'.

Security organisations Secunia and the Sans Internet Storm Centre claimed that the vulnerabilities are "highly critical" because they allow attackers to execute code on a system or can cause a denial of service attack.

"There seem to be some problems with the claimed 'solid as a rock' Unix operating system," Ferris wrote on his website when he announced the vulnerability disclosure earlier this month. 

"Getting Safari to crash in many different spots is trivial, whereas Firefox is very tough."

Apple uses the 'Solid as a rock' slogan on its website to describe OS X's security record. 

The application has suffered only a few isolated virus attacks which have failed to cause any harm, but some experts have warned that the software will become a more attractive target as it gains market share.

Ferris said that he reported the vulnerabilities to Apple at the beginning of the year and claimed that they will be fixed in the next security release.

A spokesman for Apple said that he was aware of Ferris's report, but was unable to comment on the vulnerabilities.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

HTC Hero

Video: HTC Hero launch

Handset maker unveils its latest Android-based smartphone

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

firefox logo

In Pictures: Firefox 3.5

Screenshots from Mozilla's latest Firefox web browser

BT

BT scraps Phorm rollout

Telco claims to be too tight on resources to support...

Nokia

Nokia denies Android smartphone rumours

Mobile phone giant insists it will stick with Symbian

Second Life

Second Life seeks to mix the real and virtual worlds

Linden Lab unveils plans to integrate with social networks and...

Primary Navigation