The first advisory, “Long argv[] Buffer Overflow,” warns that an attacker could possibly crash Mac OS X and execute commands as root.
The Systemic Insecure File Permissions advisory states some applications on the vulnerable Mac OS X systems are installed with insecure file permissions and are globally writable. This lets attackers with file-system access to an OS X machine replace binaries and obtain additional privileges from unsuspecting users, who may run the replaced version of the binary.
The third vulnerability, Arbitrary File Overwrite via Core Files, enables attackers with certain access rights to overwrite arbitrary files and read certain files.
There is no patch available for these vulnerabilities.
An Apple Computer spokesperson could not say where the company would issue a fix, but Apple is working on a statement about the issue.
More info: [url=http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094]http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094[/url]