To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39164223,00.htm

"Highly critical" Mac OS X kernel hole unearthed
It's open to malicious elements...

By Elinor Mills

Published: Wednesday 22 November 2006

A security researcher has published attack code for an unpatched flaw in Mac OS X.

The proof-of-concept code exploits a security hole in the way Apple's operating system handles disk image files, the researcher wrote on a blog devoted to a 'Month of Kernel Bugs' campaign which promises to reveal details of a new flaw in low-level software every day this month.

The researcher, who goes by the initials 'LMH', wrote: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users."

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

The vulnerability could be exploited remotely, as Apple's Safari web browser loads DMG files from external sources, such as one found while visiting an URL, LMH wrote. That could let an outsider compromise a system.

Secunia rated the vulnerability as "highly critical" in an advisory on its website. In addition to being used to compromise a computer, the flaw could be exploited by malicious local users to gain escalated privileges to the system, the security company said.

Apple representatives did not respond to a request for comment.

In the blog, LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading".

Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.

Elinor Mills writes for CNET News.com