According to the CanSecWest information security conference organizers, one participant has managed to remotely gain user level privileges on an Apple Mac OS X box with all the latest security patches applied (this would include security update 2007-004, released on 19 Apr 2007).
Apparently the vulnerability exists in Safari, the Macintosh-native web browser, and can be exploited through a malicious web page. This would mean that probably most modern Macintosh workstations are vulnerable, with no patch yet available. As the organizers put it, “this one is 0day folks”.
Post a Comment