Mac And Linux Bastilles Assaulted By New Attacks

[Peaches]

Mac and Linux Bastilles assaulted by new attacks

No one here gets out alive

By John Leyden

A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.

H Security reports on a series of actively exploited vulnerabilities in Apple's Mac OS X operating system that remain unpatched. A vulnerability in mounting malformed HFS disk images creates a privilege elevation risk, allowing regular users to obtain root privileges.

Other exploits involving kernel system vulnerabilities create a means for hackers to crash vulnerable systems. Lastly, another unpatched flaw in AppleTalk poses a system crash (though not code injection) risk.

The flaws were first demonstrated at the CanSecWest security conference last month but remain unpatched, H Security adds.

Separately security researchers have unearthed a potential method for dropping rootkits onto vulnerable Linux systems. Anthony Lineberry, senior software engineer for Flexilis, is due to demonstrate how to hack into the Linux kernel by exploiting the driver interface to reach into physically addressable memory. At a session during the BlackHat security conference in Amsterdam on Thursday afternoon. The attack represents a new spin on a well understood class of risk, Dark Reading adds

The register - http://www.theregister.co.uk/2009/04/16/al...ative_os_flaws/