Mac OS X, Windows Security Gaps Found

By Matthew Hicks  |  Posted 2003-11-26 Print this article Print

Mac OS X Panther and Jaguar are found to be vulnerable to the malicious granting of root access, while five holes in Microsoft's Internet Explorer for Windows could compromise a user's system.

On Wednesday, William Carrel posted an advisory warning of a malicious DHCP response that can grant root access for Mac OS X. The vulnerability affects the desktop and server versions of Mac OS X 10.2, known as Jaguar, as well as Mac OS X 10.3, known as Panther, he wrote. Carrel noted that Apple Computer Inc. currently has no patch for the hole but may be looking to provide an update in December. Carrel wrote that he had notified Apple of the security issue before Panther and a November security update were released. Apple officials could not be immediately reached for comment.
Separately, Copenhagen, Denmark-based security company Secunia issued a security advisory late Tuesday about five security vulnerabilities in Internet Explorer 6.0 and possibly in earlier versions of the browser as well. Together, they "can be exploited to compromise a users system" the advisory warns.
Secunia suggested that users disable "active scripting" or use another browser to avoid the vulnerabilities. Microsoft officials said that they were investigating the issue but have not been made aware of any exploits or customer impacts of the reported vulnerabilities. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly patch release process or an out-of-cycle patch, depending on customer needs," said Stephen Toulouse, security program manager of Microsofts Security Response Center, in a statement. In addition, Secunia late last week also found vulnerabilities in the Opera browser, Version 7.22 and earlier, that can cause a buffer overflow. Opera this week released an update to its browser, Opera 7.23, that fixes the holes.
Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel