Posted on 11/21/2006 5:44:09 PM PST by Swordmaker
FrSIRT (the French Security Incident Response Team) reports on a newly demonstrated flaw affecting versions of Safari in Mac OS X 10.4.8 and prior where maliciously crafted disk images -- which are used to distribute most Mac OS X software packages -- can allow an attacker to crash or gain control of the target system.
The reported workaround for this issue is to turn off the "Open safe files after downloading" option in Safari as follows:
Note that your system will still experience a kernel panic if you double-click the downloaded malicious disk image in order to mount it.
FrSIRT has rated this vulnerability critical.
This page has a copy of the actual exploit. We were able to replicate a kernel panic in-house on an Intel-based iMac. Interestingly, when the crash occurs, it has the markings of a kernel panic (screen dimming in a downward wash fashion), but the actual kernel panic screen does not appear.
Also, we've received reports indicating that this flaw does not affect pre-release developer-only editions of Mac OS X 10.5 (Leopard). On these systems, mounting of the malicious disk image simply fails.
The claim of "gaining control of the target system" is not supported by their reports. It does, however, crash the computer... which means you have to restart your computer. A "crashed computer" cannot be taken over. The most this does is a Denial of Service attack until the user who was stupid enough to download this from an untrusted site restarts his computer.
However, Apple should absolutely incorporate the fix that is in OS X.5 Leopard into earlier versions of OS X.
NOT FUD, I think.
If you want on or off the Mac Ping List, Freepmail me.
I remember this one from a year or so ago and took the advice.
Thank you very much.
Ping
I think that .DMG files are no longer considered "safe" since the previous vulnerability.
"Highly critical" Mac OS X kernel hole unearthed
Related?
Same flaw. As has been noted in the comments on most of the articles re-reporting this "proof-of-concept" flaw, it cannot be used to insert malicious code as has been hinted at in the articles... it merely crashes the OS, causing a denial of service. The solution to that is to reboot and delete the .dmg file that caused it. The better solution is to simply not download and open a suspicious .dmg file. Merely turning off the "OK" to open "Safe" files after download in Safari also stops it dead in its tracks. Also, since a similar problem with .dmg files last year, .dmg files have not been considered "Safe" by Safari anyway.