Freefall – FreeBSD exploit uncovered
FreeBSD, the code upon which the Darwin core of OS X (Mac and iDevice) is based, has suffered an exploit which allows users with limited permissions to gain full root access. Of course, to trigger the exploit, you will have to be good with black and white, a keyboard and software hacking, and have some sort of limited privileges already. Przemyslaw Frasunek, an independent security consultant from Poland, said that versions from 6.0 to the popular 6.4 are vulnerable while 7.1 and beyond are not.
According to The Register, the bug “is a result of a race condition in the FreeBSD kqueue”, a condition which leads the system to follow a stored address to a data item held in another location, commonly referred to as a ‘dereference’. The exploit hasn’t been dealt with yet, but as FreeBSD is regularly updated by the community and its team of about 200 programmers, a fix should be issued soon.
Exploits are common within operating systems and have even popped up within the relatively secure sandbox of the iDevice. But FreeBSD is a safe computing environment with a core of defensive abilities which should make its users more secure than those of many other operating systems; this is also the reason why such an exploit can earn a newsworthy position on El Reg’s front page. [via The Register]