To confirm my suspicions, I tried compiling the sample test cost published with the vulnerability ( ), and it failed because the vulnerable function in GlobC (gethostbyname_r) isn't available on Mac OS X - or, at least, it's not part of the libraries included with XCode: $ gcc -v -o GHOST GHOST.cĪpple LLVM version 6.0 (clang-600.0.54) (based on LLVM 3.5svn) Mac OS X, at it's core, doesn't need the functions in GlibC because the've been implemented elsewhere in different APIs written by Apple. Obviously, an app could include the library for it's own use (especially if it's cross platform) and that could certainly be an issue, but those are one off cases. Obviously, we'll want to wait for Apple to confirm or deny with full detail, but I think Mac OS X is mostly safe.Īs far as I can tell, Apple doesn't include the GNU C Library in Mac OS X by default - and why would they? If you're writing a Mac OS X app, you ought to be using Cocoa APIs, writing in Swift, or maybe Carbon if you're dealing with old code and don't care about 圆4 support, Grand Central Dispatch, etc.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |