- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
It's open to malicious elements...
By Elinor Mills
Published: 22 November 2006 08:40 GMT
A security researcher has published attack code for an unpatched flaw in Mac OS X.
The proof-of-concept code exploits a security hole in the way Apple's operating system handles disk image files, the researcher wrote on a blog devoted to a 'Month of Kernel Bugs' campaign which promises to reveal details of a new flaw in low-level software every day this month.
The researcher, who goes by the initials 'LMH', wrote: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users."
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
The vulnerability could be exploited remotely, as Apple's Safari web browser loads DMG files from external sources, such as one found while visiting an URL, LMH wrote. That could let an outsider compromise a system.
Secunia rated the vulnerability as "highly critical" in an advisory on its website. In addition to being used to compromise a computer, the flaw could be exploited by malicious local users to gain escalated privileges to the system, the security company said.
Apple representatives did not respond to a request for comment.
In the blog, LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading".
Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.
Elinor Mills writes for CNET News.com
SYSTEMS ADMINISTRATOR - APPLE MAC & OS X DESKTOP SUPPORT - Cambridge, South East The European Bioinformatics Institute (EBI) is a non-profit academic ...
Are you experienced on Apple Mac based applications? To apply, you will need an impressive portfolio in flash and graphic work/video editing and ...
Novell NetWare, Linux, and Apple Mac OS - Experience of remote computer systems management Desirable Requirements Include: - Knowledge of Novell ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...