Multiple Security Vulerabilities Found In Apple's Disk Image Software - MacRumors
Skip to Content

Multiple Security Vulerabilities Found In Apple's Disk Image Software

The "Month of Kernel Bugs" project has found two unpatched security vulnerabilities in the way Mac OS X handles .dmg files.

The first vulnerability, rated "highly critical" by security-firm Secunia, can lead to privilege escalation, denial of service, and system access by a remote user (if Safari's open "safe" files option is checked).

The second issue is similar in nature, in that a corrupted UDTO HFS+ .dmg (ex. bad sectors) can lead to a denial of service condition.

A workaround for both issues is to disable Safari's option to open "safe" files after downloading, and to not open any .dmg file from a source you do not trust.

The latest findings increase the total to four security bugs found in Apple's software since the beginning of the project this month (See also: Airport Driver Exploit , fpathconf() Exploit ). The project has also targeted Windows, Linux, and other popular BSD distributions, with a stated goal to "check how many unreported and unknown issues can be found in kernel code out there, using simple, yet effective tools deploying techniques such as fuzzing and 'stress testing'."

Popular Stories

Apple Acquires Award Winning App Play Feature

Apple Acquires Award-Winning App 'Play'

Monday June 29, 2026 7:39 am PDT by
In February, Apple notified the European Commission that it would be acquiring certain assets from and have the right to hire certain employees from Rabbit 3 Times, the company behind the award-winning app design tool Play. The notification was published on the European Commission's website this week, following a four-month waiting period. Play was a Mac and iPhone app that allowed designers ...
iPhone 18 Pro Deep Red Feature

Apple 'Concerned' Over iPhone 18 Pro Data Leak From Supplier Tata

Monday June 29, 2026 11:46 am PDT by
Apple is "concerned" about a recent data leak from Tata Electronics, one of its manufacturing partners in India, reports Reuters. Tata Electronics was the target of a cyberattack, with confidential Apple documents stolen and shared on the dark web. Hackers were able to steal information about the iPhone 18 Pro and iPhone 18 Pro Max, including a list of suppliers, parts, and images of the...
series 10 apple watch titanium digital crown

Report: Apple Watch Redesign Coming Next Year With New Band System

Tuesday June 30, 2026 8:45 am PDT by
A "major overhaul" of the Apple Watch's design is due to arrive next year with a new system for connecting bands, according to a known Weibo leaker. In a set of recent posts, the leaker known as "Instant Digital" linked the new claim to older rumors about an "Apple Watch X" model, which was said to introduce a fresh design and break compatibility with the existing watch band system. Citing...