The Story of a Simple and Dangerous Mac OS X Kernel Bug

“Among other things, the update for Mac OS X 10.5.8 also fixed an interesting kernel bug related to the way the fcntl call is handled. The bug was identified as CVE-2009-1235 and the first exploit seems to be from June 2008. The variant that I discovered is much simpler and is, as far as I know, the one that really convinced Apple to solve the issue. The oldest kernel I was able to test the problem was Darwin 8.0.1 which corresponds to Mac OS X 10.4 ^aEURoeTiger^aEUR. The Tiger was announce in June 28, 2004 but was released to the public on April 29, 2005 and it was advertised as containing more than 200 new features. The bug was closed on August 5, 2009 so the number of days the vulnerability was alive was 1599 days (4 years and 3 months).”

3 Comments

  1. 2009-09-01 9:58 pm
    • 2009-09-02 1:37 am
      • 2009-09-03 5:39 am