The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.
For further information:
Note: Apple requested confirmation more than one month ago, when the original FreeBSD UFS vulnerabilities got published in the MoKB. This serves as confirmation that the issues obviously exist in both XNU and FreeBSD. It wasn't that difficult to verify, given that the UFS code is exactly the same in both.
We'll be releasing kernel-related issues for some time (mixed with remote user-land issues, just to keep it fun). Mostly DMG related flaws that didn't make it to the MoKB schedule.
