
New OS X Vulnerability: Bigfoot Or Big Problem?

Engadget.com and several other sites are reporting that a Mac OS X vulnerability has been found and is being exploited by a so-called "independent researcher." The individual -- calling himself "InfoSec Sellout" -- claims that after "further research" he will present his findings to Apple -- for the right price. Whether the vulnerability truly exists or not, however, has become a bit of a controversy.

InfoSec Sellout's blog was shut down, apparently after someone identified the individual behind it. The blog had been generating some inflammatory but mostly technically accurate posts for a while. My guess is that there probably is a real vulnerability, though there's some doubt. The Matasano blog has an unofficial patch that shuts off one particularly buggy code path in the application, but for now it is a source-code patch only, and applying it is not for the faint of heart.

Ryan Naraine has good coverage as well on his blog.
