Unpatched bug bites Apple Mac OS X
Isn't this only supposed to happen to Windoze users?
22nd November 2006 18:48 GMT
Security researchers have discovered a serious, unpatched vulnerability in Mac OS X. The memory corruption bug creates a means for attackers to take control of even fully patched systems.
Flaws in the way the AppleDiskImageController handles corrupted DMG image structures could be exploited to trigger memory corruption and the execution of arbitrary code in kernel-mode, Secunia, the IT security consultancy, warns.
Upshot: bad people could compromise vulnerable Macs, by bamboozling users to visit websites containing corrupted DMG files.
"A lot of OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration," The SANS Institute's Internet Storm Centre notes.
Security watchers advises Mac fans to deactivate the open "safe files" after downloading option in their Safari preferences as a workaround (as explained here), pending the release of appropriate security patches from Apple. Mac OS X version 10.4.8 systems are confirmed to be at risk and other systems might also be vulnerable.
The vulnerability, originally reported by the Month of Kernel Bugs Project, represents a rare example of an unpatched vulnerability affecting Apple systems. Windows users by contrast are, of course, all too familiar with the growing problem of so-called zero-day exploits. ®
Register Hardware » News » Mac
Print
Retweet
Apple iMac All-In-One Desktop (3.06GHz Intel Core 2 Duo, 4GB DDR2, 1TB, DVD+-RW DL, Mac OS X v10.5 Snow Leopard, 27" LCD)
Apple 13.3" MacBook Pro Notebook (2.26GHz Intel Core 2 Duo Mobile, 2GB DDR3, 160GB HDD, DVD±RW DL, Mac OS X v10.5 Leopard, 13.3" LCD)
Apple MacBook Notebook (2.4GHz Intel Core 2 Duo Mobile, 2GB DDR3, 250GB HDD, DVD±RW DL, Mac OS X v10.6 Snow Leopard, 13.3" LCD)
Apple 13.3" MacBook Notebook (2.13GHz Intel Core 2 Duo Mobile, 2GB DDR2, 160GB HDD, DVD±RW DL, Mac OS X v10.5 Leopard, 13.3" LCD)
Apple Magic Wireless Laser Mouse (Bluetooth)
