Risk: Medium
A source-code audit of the open-source operating system from which Apple Computer borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple's software.
The flaws in Darwin affect Mac OS X version 10.3--dubbed Panther--and are caused by memory errors in the kernel, according to an advisory released by ImmunitySec, the security company that found the flaws.
"In terms of criticalness, this kind of bug mostly affects remote systems with multiple users," said ImmunitySec, adding that since Mac OS X is most often used on the desktop, the flaws will not be overly important on most people's systems.
The company originally found the flaws in June 2004 and published them to a private list of customers but did not notify Apple. It published the flaws in January 2005, to the public domain, after presenting them at a seminar.
Apple confirmed that it had not been told of the flaws and said it was analysing the vulnerabilities, but would not elaborate.
ImmunitySec found the flaws by analysing the publicly available source code of the Darwin operating system, which implements a variant of Unix known as BSD. Darwin forms the core of Apple's modern Mac OS X operating system, and the flaws found by the security company also affected Apple's operating system.
The flaws include a bug in Mac OS X's SearchFS function, several kernel memory overflows and a logic bug in the AT command, which is used to schedule tasks by the operating system.