New OS X Vulnerability: Bigfoot Or Big Problem?

An "independent researcher" claims to have uncovered (and will no doubt exploit) a vulnerability within Mac OS X. But the validity of his claims is being challenged.

July 20, 2007


Engadget.com and several other sites are reporting that a Mac OS X vulnerability has been found and is being exploited by a so-called "independent researcher." The individual -- calling himself "InfoSec Sellout" -- claims that after "further research" he will present his findings to Apple -- for the right price. Whether the vulnerability truly exists or not, however, has become a bit of a controversy.

InfoSec Sellout's blog was shut down after someone apparently identified the individual behind it. The blog had been generating some inflammatory but mostly technically accurate posts for a while now. My guess is that there probably is a real vulnerability, though there's some doubt. The Matasano blog has an unofficial patch that shuts off one particularly buggy code path in the application, but for now it is a source-code patch only, and applying it is not for the faint of heart.

Ryan Naraine has good coverage as well on his blog.

