Multiple Security Vulerabilities Found In Apple's Disk Image Software

by

The "Month of Kernel Bugs" project has found two unpatched security vulnerabilities in the way Mac OS X handles .dmg files.

The first vulnerability, rated "highly critical" by security-firm Secunia, can lead to privilege escalation, denial of service, and system access by a remote user (if Safari's open "safe" files option is checked).

The second issue is similar in nature, in that a corrupted UDTO HFS+ .dmg (ex. bad sectors) can lead to a denial of service condition.

A workaround for both issues is to disable Safari's option to open "safe" files after downloading, and to not open any .dmg file from a source you do not trust.

The latest findings increase the total to four security bugs found in Apple's software since the beginning of the project this month (See also: Airport Driver Exploit , fpathconf() Exploit ). The project has also targeted Windows, Linux, and other popular BSD distributions, with a stated goal to "check how many unreported and unknown issues can be found in kernel code out there, using simple, yet effective tools deploying techniques such as fuzzing and 'stress testing'."

Top Stories

samsung experience 1

Samsung's 'iTest' Lets You Try a Galaxy Device on Your iPhone

Thursday April 8, 2021 12:42 pm PDT by
Samsung has launched "iTest," an interactive website experience that's designed to allow iPhone users to test out Android on a Galaxy device, or "sample the other side," as Samsung puts it. Subscribe to the MacRumors YouTube channel for more videos. The iTest website is being advertised in New Zealand, according to a MacRumors reader who came across the feature. Visiting the iTest website on...
Read Full Article200 comments
sonny 2021 ipad mini pro dummies

Leaked Dummy Units Show iPad Mini 6 With Thick Bezels and Home Button, New iPad Pro Models

Thursday April 8, 2021 2:11 am PDT by
Rumors suggest Apple will release refreshed versions of the iPad mini and iPad Pro models in the first half of this year, potentially as soon as this month, and a new leak today has provided us with a possible preview of what to expect in terms of the devices' overall design and camera prospects. Tech leaker and Apple blogger Sonny Dickson this morning shared images on Twitter showing dummy ...
Read Full Article141 comments
apple music for artists new icon

Apple's Revamped Apple Music for Artists Icon Leads to Speculation About iOS 15 Design Plans

Tuesday April 6, 2021 1:03 pm PDT by
Apple yesterday updated its Apple Music for Artists app with some minor bug fixes and improvements, but also one other notable change -- a new icon. New icon on the right The Apple Music for Artists app now features a simpler, streamlined icon with a pinkish red music logo rather than the multicolored logo that was used before. The icon also has an embossed look that makes it stand out from...
Read Full Article139 comments
apple find my network

Apple Announces Find My Network With Support for Third-Party Devices

Wednesday April 7, 2021 10:06 am PDT by
Apple today announced the launch of its Find My network accessory program, which is designed to allow third-party Bluetooth devices to be tracked in the Find My app right alongside your Apple devices. According to Apple, the first accessory companies to take advantage of the new Find My integration include Belkin, Chipolo, and VanMoof, with devices set to be available beginning next week. ...
Read Full Article119 comments
new m1 chip

M1 Mac RAM and SSD Upgrades Found to Be Possible After Purchase

Tuesday April 6, 2021 5:34 am PDT by
Technicians in China have reportedly succeeded in upgrading the memory and storage of the M1 chip, suggesting that Apple's integrated custom silicon for the Mac may be more flexible than previously thought. Reports of maintenance technicians being able to expand the memory and storage of M1 Macs began circulating on Chinese social media over the weekend, but now international reports have...
Read Full Article167 comments
Intel MBP Is Thin and Lighjt

Intel Ad for 'World's Best Processor' Features a MacBook Pro

Wednesday April 7, 2021 9:51 am PDT by
Intel has been on a relentless marketing drive against Mac computers in recent weeks, positioning them as inferior to Windows laptops powered by Intel processors. In a slight slip-up, however, Intel has accidentally used a MacBook instead of a Windows laptop in one of its newest ads to promote one of its new 11th-generation chips as "the world's best processor." The ad appeared on Reddit and ...
Read Full Article162 comments
tmobile 5g modem

T-Mobile Launches Unlimited 5G Home Internet for $60/Month

Wednesday April 7, 2021 2:18 pm PDT by
T-Mobile today hosted an Un-carrier event where the company announced the launch of a a new 5G home internet plan, which is priced at $60 per month and offers unlimited data. The service is available to more than 30 million Americans across much of the United States, including 10 million households in rural areas not typically able to access reliable broadband. Connectivity will be either 4G ...
Read Full Article196 comments
iMessage Android featured

Apple's Rationale for Not Bringing iMessage to Android Revealed in Legal Documents

Friday April 9, 2021 2:22 am PDT by
It's no secret that Apple sees iMessage as a big enough selling point to keep the service exclusive to Apple devices, however new court filings submitted by Epic Games in its ongoing lawsuit with the company reveal just how Apple executives have rationalized their decision not to develop a version of iMessage for Android. Apple clearly recognizes the power that iMessage has to keep users...
Read Full Article310 comments
14

Apple Seeds Seventh Betas of iOS 14.5 and iPadOS 14.5 to Developers [Update: Public Beta Available]

Wednesday April 7, 2021 10:04 am PDT by
Apple today seeded the seventh betas of upcoming iOS 14.5 and iPadOS 14.5 updates to developers for testing purposes, with the new beta updates coming one week after Apple released the sixth iOS and iPadOS 14.5 betas. iOS and iPadOS 14.5 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS 14.5 is the...
Read Full Article98 comments
ipad pro and macbook pro

iPad and MacBook Production Reportedly Delayed Due to Global Chip Shortage

Thursday April 8, 2021 2:31 am PDT by
Apple is facing a global shortage of certain components for some of its MacBook and iPad models, causing the Cupertino tech giant and its suppliers to postpone production of the products, according to a new report from Nikkei Asia. According to the report, MacBook production is being hindered due to the shortage of chips mounted onto the circuit board before final assembly, which is a key...
Read Full Article120 comments