
New Mac OS X Security Vulnerability Found

Security company Secunia reports that a new vulnerability in the way Mac OS X handles the "fpathconf()" system call has been discovered.

The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic.


The vulnerability was initially found in FreeBSD and was discovered in the latest version of Mac OS X, 10.4.8 (with all patches applied), by Ilja Van Sprundel. The severity of the vulnerability is rated as "not critical," although a patch from Apple is not yet available. It is not currently known whether other systems (10.3.x, etc.) are affected.

Recently, another Mac OS X concept virus was developed, code-named OSX.Macarena. Similarly deemed "not critical", the virus is not known to be in the wild on more than 50 computers worldwide or at more than 2 sites (according to Symantec).

Top Rated Comments


69 months ago
Get ready for a reboot and see you guys next time. :rolleyes:
Rating: 0 Positives / 0 Negatives
69 months ago
Nothing but FUD. You have to have a local account on the machine.

"Description:
Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

"Failure to handle unknown file types by the Mac OS X kernel (XNU) fpathconf() syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users."
Rating: 0 Positives / 0 Negatives
69 months ago
It's not FUD in itself. It's a "not critical" vulnerability of which lots are found every year for all OSes. Secunia reports them all. If it's reported as anything other than "not critical" it becomes FUD. As a single news item, it's not even worth a page 2 article. Together with the other non-news item OSX.Macarena... perhaps, but only just.
Rating: 0 Positives / 0 Negatives
69 months ago
Yeah, can we not label real security issues as "FUD" please? Just because it's only going to be a threat if you have evil users on your machine, doesn't mean they should report it. These guys (Secunia) are doing everyone a favor by finding these issues. Maybe a local exploit isn't important to you, but not every Mac has local trusted users, think College Mac labs for example.
Rating: 0 Positives / 0 Negatives
69 months ago

Nothing but FUD.


Is reporting on any security vulnerability FUD to you? Due to the non-critical nature of this story, we put it on page 2. But it is still a vulnerability, so we reported it. Remember also that the vulnerability is still unpatched as well.
Rating: 0 Positives / 0 Negatives
69 months ago

Nothing but FUD. You have to have a local account on the machine.

"Description:
Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

"Failure to handle unknown file types by the Mac OS X kernel (XNU) fpathconf() syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users."


It's still important that it's fixed. It may not happen that everyone is in the position to have the problem, but someone might. Security problems need to be handled correctly and quickly.
Rating: 0 Positives / 0 Negatives
69 months ago

Security company Secunia reports that a new vulnerability in the way Mac OS X handles the "fpathconf()" system call has been discovered.


Secunia? The ones that every day publish crap about security vulnerabilities on the world wide web that can be read by thousands of black-hatters?
Rating: 0 Positives / 0 Negatives
69 months ago
this would be cool and interesting. if it could spread, before it ran itself, and by "running itself," i mean copying that code into startupItems, so you KP every time you turn on. that'd at least be a pain in the neck to fix, if still non-destructive.
Rating: 0 Positives / 0 Negatives
69 months ago
I wonder how large a message board would be if they had one of these threads every time a security vulnerability was found in Windows....:eek:
Rating: 0 Positives / 0 Negatives
69 months ago
If you have local access to a machine, you can basically do anything.

There are worse things you can do with sudo in both Linux and OS X, than what this above 'vulnerability' describes. Hacking the sudo config file is easy enough, also.

That's almost like saying; "Here's a Linux and OS X vulnerability":

(note: don't actually do this, unless you want to erase your hard drive)

$ sudo rm -rf /

Wow! News headline. We have a *VIRUS!*
Macrumors: post me to a page 2 headline!!


Recently, another Mac OS X concept virus was developed, code named OSX.Macarena.


The person who posted this in the first place has no idea what they are talking about. 'ANOTHER' virus? The FIRST link in question (secunia) is not a virus. It is about as far from being a virus as you can get. Why put a statement about a "virus" in with a local account bug?

I don't know how else you can spread FUD other than having a statement like the above statement.
Rating: 0 Positives / 0 Negatives
