Got a tip for us? Share it...
RSS

Multiple Security Vulerabilities Found In Apple's Disk Image Software

Tuesday November 21, 2006 4:59 pm PST by longofest
The "Month of Kernel Bugs" project has found two unpatched security vulnerabilities in the way Mac OS X handles .dmg files.

The first vulnerability, rated "highly critical" by security-firm Secunia, can lead to privilege escalation, denial of service, and system access by a remote user (if Safari's open "safe" files option is checked).

The second issue is similar in nature, in that a corrupted UDTO HFS+ .dmg (ex. bad sectors) can lead to a denial of service condition.

A workaround for both issues is to disable Safari's option to open "safe" files after downloading, and to not open any .dmg file from a source you do not trust.

The latest findings increase the total to four security bugs found in Apple's software since the beginning of the project this month (See also: Airport Driver Exploit , fpathconf() Exploit ). The project has also targeted Windows, Linux, and other popular BSD distributions, with a stated goal to "check how many unreported and unknown issues can be found in kernel code out there, using simple, yet effective tools deploying techniques such as fuzzing and 'stress testing'."
[ 38 comments ]

Top Rated Comments

(View all)

Avatar
Drizzt
68 months ago
Can someone translate this for the layman?
Rating: 0 Positives / 0 Negatives
Avatar
longofest
68 months ago
Hey guys... didn't post this as FUD... just wanted to get the word out on the vulnerabilities, and to make sure everyone has that option disabled in Safari.
Rating: 0 Positives / 0 Negatives
Avatar
longofest
68 months ago

Can someone translate this for the layman?


Sorry about that... these security things can be a bit tech-heavy.

Both vulnerabilities can potentially allow someone to post a disk image (like what you download software on) on a website and craft it in such a way that they could remotely take over your computer. Since some pages can even be written so that you don't even have to click on a link to download a file, it is even more sinister since you may not even think you have downloaded the file.

In order to mitigate the risk until Apple posts a patch, you should either use another browser other than Safari, or go into Safari's preferences and turn off "automatically open safe files" option. Also, don't open any .dmg files that you don't trust.
Rating: 0 Positives / 0 Negatives
Avatar
Dunepilot
68 months ago
This'll be patched before we know it.
Rating: 0 Positives / 0 Negatives
Avatar
x86isslow
68 months ago
Is this only relevant for people who use Safari? I have similar auto-run operations in Adium (Accept Safe Files from Buddies) and Camino (Open safe files).
Rating: 0 Positives / 0 Negatives
Avatar
k2k koos
68 months ago
I'm glad there are people that do the right thing with what they find, report it so that the software companies can improve their code. No one will claim that
Apple's software is flawless, but it is very very solid. I wonder what they found in the Windows and Linux OS's. Probably a thing or two too.
Rating: 0 Positives / 0 Negatives
Avatar
shawnce
68 months ago

Is this only relevant for people who use Safari? I have similar auto-run operations in Adium (Accept Safe Files from Buddies) and Camino (Open safe files).


No it is not related to Safari.

It is related to opening a malicious disk image, which as you point out can automatically be opened by various pieces of software that are used to download or transmit files.
Rating: 0 Positives / 0 Negatives
Avatar
SC68Cal
68 months ago
There is always work to be done.
Rating: 0 Positives / 0 Negatives
Avatar
Analog Kid
68 months ago
Interesting that there's only one Windows flaw listed and a bunch of OS X and Linux bugs. Is that because of audience?
Rating: 0 Positives / 0 Negatives
Avatar
swingerofbirch
68 months ago
Is this why Apple lists safe in quotations marks, as to suggest sarcasm? lol......
Rating: 0 Positives / 0 Negatives

[ Read All Comments ]