well, I have already sent a copy of the dump log along with a couple of suggestions. hopefully, they will pay attention. I also asked them to make at least 1 security patch that would cover older versions of OS X (like lion). I know that may be a moot point, but I had to try anyway.
-eric On Feb 14, 2016, at 7:08 PM, 'Jason White' via MacVisionaries wrote: > Eric Oyen <eric.o...@icloud.com> wrote: >> oh yeah. well, its not a virus string. I just got done doing a little >> reading in the crash dumps. Its a basic buffer overflow. What gets me is >> that it appears to operate across at least 2 platforms. THis means that the >> bug, itself, is in the voiceover speech engine. It also appears to happen >> across multiple versions of both OS X and iOS. THat means this has been a >> long running problem. Looks like someone over at the apple development team >> needs to audit the code. > > > If that's the case then indeed they do need to audit it. > > Could someone exploit this buffer overflow to execute arbitrary code? If so, > then it's a security vulnerability. > > I'm reasonably confident that OS X has the non-execute bit set on the stack > and presumably in other areas, so it might not be exploitable, but I truly > don't know and until we determine otherwise it should be taken very seriously. > > At the moment, it's a serious denial of service vulnerability. > > -- > The following information is important for all members of the Mac Visionaries > list. > > If you have any questions or concerns about the running of this list, or if > you feel that a member's post is inappropriate, please contact the owners or > moderators directly rather than posting on the list itself. > > Your Mac Visionaries list moderator is Mark Taylor and your owner is Cara > Quinn - you can reach Cara at caraqu...@caraquinn.com > > The archives for this list can be searched at: > http://www.mail-archive.com/macvisionaries@googlegroups.com/ > --- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com. > To post to this group, send email to macvisionaries@googlegroups.com. > Visit this group at https://groups.google.com/group/macvisionaries. > For more options, visit https://groups.google.com/d/optout. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
