OS X Zero Day exploit
Well there goes the claim, once and for all, that Mac flaws are not a serious as Windows flaws. If it gives kernel-mode arbitrary code execution by unprivileged users then it is a fully compromised rooted system.
A security researcher has published attack code for an unpatched flaw in Mac OS X, the latest vulnerability in the “Month of Kernel Bugs” campaign.
The proof-of-concept code exploits a security hole in the way Apple Computer’s operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.
“Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users,” wrote the researcher, who goes by the initials “LMH.”
The vulnerability could be exploited remotely, as Apple’s Safari Web browser loads DMG files from external sources, such as one found while visiting an URL, LMH wrote. That could let an outsider compromise a system.
Comment from M. Douglas Wray
Time: 11/21/2006, 8:35 pm
It’s actually a Safari bug and can be easily avoided by unchecking ‘open safe files after downloading’- I have yet to see or hear of a single user hit by this. Not saying it can’t happen, it’s just something I’ve not seen to date. Also, the code still has to ask permission to install/run. Many users DO just automatically type in their password any time the system asks, but there’s no way to protect against stupidity.