Multiple Security Vulnerabilities Found In Apple’s Disk Image Software

The ‘Month of Kernel Bugs’ project has found two unpatched security vulnerabilities in the way Mac OS X handles .dmg files. The first vulnerability, rated ‘highly critical’ by security firm Secunia, can lead to privilege escalation, denial of service, and system access by a remote user (if Safari’s option to open ‘safe’ files is checked). The second issue is similar in nature: a corrupted UDTO HFS+ .dmg can lead to a denial of service condition. A workaround for both issues is to disable Safari’s option to open ‘safe’ files after downloading, and to not open any .dmg file from a source you do not trust.
