Eric Oyen <[email protected]> wrote: > oh yeah. well, its not a virus string. I just got done doing a little > reading in the crash dumps. Its a basic buffer overflow. What gets me is > that it appears to operate across at least 2 platforms. THis means that the > bug, itself, is in the voiceover speech engine. It also appears to happen > across multiple versions of both OS X and iOS. THat means this has been a > long running problem. Looks like someone over at the apple development team > needs to audit the code.
If that's the case then indeed they do need to audit it. Could someone exploit this buffer overflow to execute arbitrary code? If so, then it's a security vulnerability. I'm reasonably confident that OS X has the non-execute bit set on the stack and presumably in other areas, so it might not be exploitable, but I truly don't know and until we determine otherwise it should be taken very seriously. At the moment, it's a serious denial of service vulnerability. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor and your owner is Cara Quinn - you can reach Cara at [email protected] The archives for this list can be searched at: http://www.mail-archive.com/[email protected]/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
