10 December 2007 @ 17:45
Leopard Integer Overflow

Heise Security is reporting a vulnerability in the load_threadstack function in mach_loader.c that is triggered when processing Mach-O binaries and can lead to a kernel panic.

Single-user systems should not be at risk, as the bug can only be exploited by users logged on to a system. The bug does, however, represent a problem on multi-user systems, as an attacker does not require any special privileges to provoke this error. The vulnerability is present in Mac OS X 10.5, 10.5.1 and 10.4.11. No patch is presently available, but an exploit for testing is.

