“We appreciate not only what he is doing as a developer but also his contributions to the entire mac community.” “Patrick is a long-time Little Snitch user and we are in contact at regular intervals,” said Objective Development representatives. The vendor also pointed out that there is no evidence that the vulnerability has been exploited in the wild. The company told SecurityWeek that versions released in January and later are not affected and its server logs indicate that a vast majority of users have updated their installations. The vulnerability was reported to the developer of Little Snitch, Objective Development, on January 17 and it was patched 11 days later with the release of version 3.6.2. Patrick Wardle, director of research at Synack, discovered that Little Snitch was plagued by a heap overflow that allowed a local user or an unprivileged piece of malware to escalate their privileges to root or run unsigned code in the kernel.
#LITTLE SNITCH MAC OS X#
A serious vulnerability in the Mac OS X firewall Little Snitch could have been exploited by hackers to gain root privileges on a system or execute arbitrary code in the context of the kernel.
0 kommentar(er)
