
It's open to malicious elements...
By Elinor Mills
Published: 22 November 2006 08:40 GMT
A security researcher has published attack code for an unpatched flaw in Mac OS X.
The proof-of-concept code exploits a security hole in the way Apple's operating system handles disk image files, the researcher wrote on a blog devoted to a 'Month of Kernel Bugs' campaign which promises to reveal details of a new flaw in low-level software every day this month.
The researcher, who goes by the initials 'LMH', wrote: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users."
The vulnerability could be exploited remotely, as Apple's Safari web browser loads DMG files from external sources, such as one found while visiting a URL, LMH wrote. That could let an outsider compromise a system.
Secunia rated the vulnerability as "highly critical" in an advisory on its website. In addition to being used to compromise a computer, the flaw could be exploited by malicious local users to gain escalated privileges to the system, the security company said.
Apple representatives did not respond to a request for comment.
In the blog, LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading".
Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.
Elinor Mills writes for CNET News.com
Copyright © 2008 CBS Interactive Limited. All rights reserved.