Free Republic

Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of "safe" files to prevent
MacFixIt ^ | Tuesday, November 21 2006 @ 10:00 AM PST

Posted on 11/21/2006 5:44:09 PM PST by Swordmaker

FrSIRT (the French Security Incident Response Team) reports on a newly demonstrated flaw affecting versions of Safari in Mac OS X 10.4.8 and prior where maliciously crafted disk images -- which are used to distribute most Mac OS X software packages -- can allow an attacker to crash or gain control of the target system.

The reported workaround for this issue is to turn off the "Open safe files after downloading" option in Safari as follows:

  1. Open Safari
  2. Open "Preferences" under the "Safari" menu
  3. Click on the "General" tab at the top
  4. Un-check the "Open 'safe' files after downloading" box
  5. Close Safari's preferences

Note that your system will still experience a kernel panic if you double-click the downloaded malicious disk image in order to mount it.

FrSIRT has rated this vulnerability critical. 

This page has a copy of the actual exploit. We were able to replicate a kernel panic in-house on an Intel-based iMac. Interestingly, when the crash occurs, it has the markings of a kernel panic (screen dimming in a downward wash fashion), but the actual kernel panic screen does not appear.

Also, we've received reports indicating that this flaw does not affect pre-release developer-only editions of Mac OS X 10.5 (Leopard). On these systems, mounting of the malicious disk image simply fails.


TOPICS: Computers/Internet
This appears to be a rehash of a vulnerability reported about a year and a half ago. I believe the "open safe files" option in Safari has been OFF by default since then.

The claim of "gaining control of the target system" is not supported by their reports. It does, however, crash the computer... which means you have to restart your computer. A "crashed computer" cannot be taken over. The most this does is a Denial of Service attack until the user who was stupid enough to download this from an untrusted site restarts his computer.

However, Apple should absolutely incorporate the fix that is in OS X.5 Leopard into earlier versions of OS X.

1 posted on 11/21/2006 5:44:12 PM PST by Swordmaker
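
The workaround from the article quoted in post 1, as a scriptable check and fix (an added example, not part of the original thread or the MacFixIt article). It assumes the checkbox is stored as the boolean AutoOpenSafeDownloads in the com.apple.Safari preference domain; the function names and the DEFAULTS_CMD override are hypothetical.

```shell
#!/bin/bash
# Added example: audit and disable Safari's "Open 'safe' files after downloading".
# Assumption: the checkbox is stored as the boolean AutoOpenSafeDownloads in the
# com.apple.Safari preference domain of the current user.

DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"   # overridable so the logic can be exercised off a Mac
DOMAIN="com.apple.Safari"
KEY="AutoOpenSafeDownloads"

# Print "enabled", "disabled", "unset" or "unknown" for the current user.
safari_autoopen_state() {
    local value
    if ! value="$("$DEFAULTS_CMD" read "$DOMAIN" "$KEY" 2>/dev/null)"; then
        # Key absent (or domain unreadable): Safari's built-in default applies,
        # so this state still needs an explicit setting to be sure.
        echo "unset"
        return 0
    fi
    case "$value" in
        1|true|YES)  echo "enabled" ;;
        0|false|NO)  echo "disabled" ;;
        *)           echo "unknown" ;;
    esac
}

# Apply the workaround only when needed, then re-read the key to confirm it.
safari_disable_autoopen() {
    [ "$(safari_autoopen_state)" = "disabled" ] && return 0
    "$DEFAULTS_CMD" write "$DOMAIN" "$KEY" -bool false || return 1
    [ "$(safari_autoopen_state)" = "disabled" ]
}

# Report only; call safari_disable_autoopen explicitly to change the setting.
echo "Safari auto-open of 'safe' downloads: $(safari_autoopen_state)"
```

Safari should be quit before safari_disable_autoopen is run, since a running application can write its own copy of the preferences back on exit.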

To: 1234; 6SJ7; Action-America; af_vet_rr; afnamvet; Alexander Rubin; anonymous_user; ...
Mac Security Alert... Looks like a rehash of already covered territory but a warning is in order nonetheless.... PING!

NOT FUD, I think.

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 11/21/2006 5:46:13 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

To: Swordmaker

I remember this one from a year or so ago and took the advice.


3 posted on 11/21/2006 5:52:56 PM PST by Tribune7

To: Swordmaker

Thank you very much.


4 posted on 11/21/2006 7:49:40 PM PST by BigFinn

To: Lil'freeper

Ping


5 posted on 11/22/2006 3:42:58 AM PST by big'ol_freeper (It looks like one of those days when one nuke is just not enough-- Lt. Col. Mitchell, SG-1)

Comment #6 Removed by Moderator

To: Yehuda
...however first .dmg I downloaded did not auto open....

I think that .DMG files are no longer considered "safe" since the previous vulnerability.

7 posted on 11/22/2006 6:56:16 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

Comment #8 Removed by Moderator

To: Swordmaker
Just posted this:

"Highly critical" Mac OS X kernel hole unearthed

Related?

9 posted on 11/24/2006 11:42:40 AM PST by Ernest_at_the_Beach (History is soon Forgotten,)

To: Ernest_at_the_Beach
Related?

Same flaw. As has been noted in the comments on most of the articles re-reporting this "proof-of-concept" flaw, it cannot be used to insert malicious code as has been hinted at in the articles... it merely crashes the OS, causing a denial of service. The solution to that is to reboot and delete the .dmg file that caused it. The better solution is to simply not download and open a suspicious .dmg file. Merely turning off the "OK" to open "Safe" files after download in Safari also stops it dead in its tracks. Also, since a similar problem with .dmg files last year, .dmg files have not been considered "Safe" by Safari anyway.

10 posted on 11/24/2006 12:32:24 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
