Acidus wrote: A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque.
I don't fuzz and this was not DNS it was upnp, also interesting to note that the bug was fully remote, not local lan, still dont know why apple said it was local lan only... --Mike RE: Remote root in Mac OS-X | 
