• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability

Apple Mac OS X Foundation framework is prone to a race-condition security vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to process a malicious XML file with an application that uses the 'NSXML' API. This can allow arbitrary code to run with the privileges of the user running the application that uses the affected API. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 28304 (Apple Mac OS X 2008-002 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.