Apple + Security & Privacy

SecurityReason has issued a security alert regarding a system flaw in Mac OS X that could be a vector for attack. While they rate it as a high risk, for now, the flaw is not being exploited. However, Apple has known about this bug since June, and has not bothered to fix it.

The bug in question affects the libc/strtod(3) and libc/gdtoa functions in Mac OS X, as well as other Unix-based operating systems. FreeBSD and NetBSD have fixed the flaw, but Apple has apparently forgotten to do so. Because these functions are used in many applications, this could be a vector of attack by remote users via web browsers, e-mail clients and more.

For now, we’re keeping an eye out for any malware that attempts to exploit this vulnerability. This bug could have serious consequences, and it is essential that Apple fix it. Since Apple has known about the problem for more than six months, this should have been done by now.