[ISN] Attack code targets zero-day Mac OS X flaw

From: InfoSec News (alerts@private)
Date: Tue Nov 21 2006 - 23:03:42 PST


http://news.com.com/Attack+code+targets+zero-day+Mac+OS+X+flaw/2100-1002_3-6137710.html

By Elinor Mills
Staff Writer, CNET News.com
November 21, 2006

A security researcher has published attack code for an unpatched flaw in 
Mac OS X, the latest vulnerability in the "Month of Kernel Bugs" 
campaign.

The proof-of-concept code exploits a security hole in the way Apple 
Computer's operating system handles disk image files, the researcher 
wrote Monday on a blog devoted to the campaign, which promises to reveal 
details of a new flaw in low-level software every day this month.

"Mac OS X com.apple.AppleDiskImageController fails to properly handle 
corrupted DMG (disk image) image structures, leading to an exploitable 
memory corruption condition with potential kernel-mode arbitrary code 
execution by unprivileged users," wrote the researcher, who goes by the 
initials "LMH."

The vulnerability could be exploited remotely, as Apple's Safari Web 
browser loads DMG files from external sources, such as one found while 
visiting an URL, LMH wrote. That could let an outsider compromise a 
system.

Secunia rated the vulnerability as "highly critical" in an advisory on 
its Web site on Tuesday. In addition to being used to compromise a 
computer, the flaw could be exploited by malicious local users to gain 
escalated privileges to the system, the security company said.

Apple representatives did not respond to a request for comment.

In the blog, researcher LMH said people can prevent an attack by 
"changing the Preferences and deactivating the functionality for opening 
'safe' files after downloading."

Vulnerabilities in the Mac OS have been rising, leading some experts to 
note that the Macintosh platform is not impervious to security problems. 
The vast majority of security vulnerabilities affect computers running 
Microsoft Windows.


_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Nov 21 2006 - 23:10:58 PST