Original URL: http://www.reghardware.co.uk/2006/11/22/mac_zero_day_bug/
Security researchers have discovered a serious, unpatched vulnerability in Mac OS X. The memory corruption bug creates a means for attackers to take control of even fully patched systems.
Flaws in the way the AppleDiskImageController handles corrupted DMG image structures could be exploited to trigger memory corruption and the execution of arbitrary code in kernel-mode, Secunia, the IT security consultancy, warns (http://secunia.com/advisories/23012).
Upshot: bad people could compromise vulnerable Macs by bamboozling users into visiting websites containing corrupted DMG files.
"A lot of OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration," the SANS Institute's Internet Storm Centre notes (http://isc.sans.org/diary.php?storyid=1878).
Security watchers advise Mac fans to deactivate the 'Open "safe" files after downloading' option in their Safari preferences as a workaround (as explained here (http://browsers.about.com/od/howtotutorials/ss/safari_opensafe.htm)), pending the release of appropriate security patches from Apple. Mac OS X version 10.4.8 systems are confirmed to be at risk, and other systems might also be vulnerable.
The vulnerability, originally reported (http://projects.info-pull.com/mokb/MOKB-20-11-2006.html) by the Month of Kernel Bugs Project, represents a rare example of an unpatched vulnerability affecting Apple systems. Windows users by contrast are, of course, all too familiar with the growing problem of so-called zero-day exploits. ®
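The Safari workaround described above can be audited across every account on a machine. The following is an added example, not part of the original article: it reads each user's Safari preference file and reports whether the 'Open "safe" files after downloading' option is still active. The preference key `AutoOpenSafeDownloads`, the per-user plist path, and treating a missing key as enabled (the article describes automatic opening as the default configuration) are assumptions.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumptions: per-user preference path and the key behind the checkbox.
PREF_RELPATH = Path("Library/Preferences/com.apple.Safari.plist")
PREF_KEY = "AutoOpenSafeDownloads"


def check_plist(path):
    """Classify one Safari preference file by its auto-open setting."""
    try:
        with open(path, "rb") as fp:
            prefs = plistlib.load(fp)  # accepts XML and binary plists
    except (OSError, ValueError, ExpatError):
        return "unreadable"
    if not isinstance(prefs, dict):
        return "unreadable"
    if PREF_KEY not in prefs:
        return "default-enabled"  # assumed: option is on unless switched off
    return "enabled" if prefs[PREF_KEY] else "disabled"


def audit(users_root="/Users"):
    """Map each home directory name to the state of the auto-open option."""
    report = {}
    for home in sorted(Path(users_root).iterdir()):
        if not home.is_dir():
            continue
        plist = home / PREF_RELPATH
        report[home.name] = check_plist(plist) if plist.is_file() else "no-prefs"
    return report


def demo():
    """Run the audit over a constructed tree of sample preference files."""
    samples = {"alice": {PREF_KEY: False}, "bob": {PREF_KEY: True},
               "carol": {"HomePage": "about:blank"}}  # constructed data
    with tempfile.TemporaryDirectory() as root:
        for user, prefs in samples.items():
            target = Path(root) / user / PREF_RELPATH
            target.parent.mkdir(parents=True)
            with open(target, "wb") as fp:
                plistlib.dump(prefs, fp, fmt=plistlib.FMT_BINARY)
        (Path(root) / "dave").mkdir()  # account that never launched Safari
        return audit(root)


if __name__ == "__main__":
    for user, state in demo().items():
        print(f"{user}: {state}")
```

Accounts reported as `enabled`, `default-enabled` or `no-prefs` still need the option switched off in Safari's preferences.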