A UK government organization responsible for gathering information on IT security incidents has issued two security advisories regarding recently identified vulnerabilities in Mac OS X.
UNIRAS – the Unified Incident Reporting and Alert Scheme – issued the advisories. The first advisory states that "several security vulnerabilities have been identified in Mac OS X Jaguar and Panther," and describes the risk as "high".
This security vulnerability is described as a "pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges".
The other advisory describes a Mac OS X file server authentication vulnerability – also "high" risk. It is described as a buffer overflow vulnerability in the way the AppleFileServer handles certain authentication requests. UNIRAS suggests that "a remote attacker could overflow a buffer, gain root privileges, and execute arbitrary commands on the system."
In both cases UNIRAS advises users to upgrade to the latest version of the operating system.
UNIRAS gathers information on IT security incidents in government departments and agencies, produces periodic analysis and assessment of incidents and trends, and issues alerts and briefings on matters of IT security concern. It is a fully integrated part of the National Infrastructure Security Co-ordination Centre (NISCC).