Apple security team finds code execution holes in Ruby

Code execution holes in Ruby

A member of Apple’s security team has discovered multiple serious security vulnerabilities in Ruby, the popular open-source scripting language.

According to an advisory on the Ruby project site, Apple’s Drew Yao reported at least six of the vulnerabilities, which can be exploited to cause a denial-of-service  condition or the execution of arbitrary code.

The issues were confirmed in the 1.8 and 1.9 versions of Ruby.  Patch download locations can be found in the alert.

Ruby, initially developed and designed by Yukihiro “Matz” Matsumoto, is the interpreted scripting language for quick and easy object-oriented programming.

[Source: Zdnet]