Posted on 11/24/2006 11:35:41 AM PST by Ernest_at_the_Beach
A security researcher has published attack code for an unpatched flaw in Mac OS X.
The proof-of-concept code exploits a security hole in the way Apple's operating system handles disk image files, the researcher wrote on a blog devoted to a 'Month of Kernel Bugs' campaign which promises to reveal details of a new flaw in low-level software every day this month.
The researcher, who goes by the initials 'LMH', wrote: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users."
The vulnerability could be exploited remotely, because Apple's Safari web browser automatically opens DMG files fetched from external sources, such as one encountered while visiting a URL, LMH wrote. That could let an outsider compromise a system.
Secunia rated the vulnerability as "highly critical" in an advisory on its website. In addition to being used to compromise a computer from the outside, the flaw could be exploited by malicious local users to gain elevated privileges on the system, the security company said.
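The bug class LMH describes, a driver trusting counts and offsets read from a corrupted image, is easy to see in a small parser. The following is an added example written for this page; it is not Apple's code and the header layout (magic, chunk count, then offset/length pairs) is a made-up one, not the real DMG/UDIF format. The sample images are constructed inline. The unchecked parser shows the vulnerable pattern; the hardened one bounds every value before it is used, including the offset-plus-length overflow that a naive `off + len <= size` check misses.

```c
/* Added example (not Apple's code, not the real DMG/UDIF layout): a parser
 * for a hypothetical disk-image chunk table, in the unchecked form that
 * mirrors the bug class in the advisory and in a hardened form that rejects
 * corrupted images. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_MAGIC  0x00474d49u   /* "IMG\0" little-endian, hypothetical */
#define MAX_CHUNKS 16

struct chunk { uint32_t offset, length; };
struct chunk_table { uint32_t count; struct chunk entries[MAX_CHUNKS]; };

/* Header: u32 magic, u32 chunk_count, then chunk_count * (u32 offset, u32 length). */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: chunk_count comes straight from the image. A corrupted
 * header with a huge count walks the loop off the end of buf (out-of-bounds
 * read) and past entries[] (out-of-bounds write). In a kernel driver that is
 * kernel memory corruption. Shown for contrast; never call it on untrusted input. */
int parse_chunks_unchecked(const uint8_t *buf, size_t len, struct chunk_table *t)
{
    (void)len;                       /* buffer length never consulted */
    t->count = rd32(buf + 4);
    for (uint32_t i = 0; i < t->count; i++) {
        const uint8_t *e = buf + 8 + (size_t)i * 8;
        t->entries[i].offset = rd32(e);
        t->entries[i].length = rd32(e + 4);
    }
    return 0;
}

/* Hardened: every value taken from the image is bounded before it is used. */
int parse_chunks_checked(const uint8_t *buf, size_t len, struct chunk_table *t)
{
    if (len < 8 || rd32(buf) != IMG_MAGIC) return -1;      /* short or wrong magic */
    uint32_t count = rd32(buf + 4);
    if (count > MAX_CHUNKS) return -2;                     /* would overflow entries[] */
    if ((len - 8) / 8 < count) return -3;                  /* table truncated */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 8 + (size_t)i * 8;
        uint32_t off = rd32(e), ln = rd32(e + 4);
        /* off + ln can wrap in 32 bits, so compare without adding them */
        if (off > len || ln > len - off) return -4;        /* chunk outside image */
        t->entries[i].offset = off;
        t->entries[i].length = ln;
    }
    t->count = count;
    return 0;
}

/* Constructed sample images for the demo below (not real DMG data). */
static const uint8_t IMG_GOOD[] = {
    'I','M','G',0,  2,0,0,0,          /* magic, count = 2 */
    8,0,0,0,  4,0,0,0,                /* chunk 0: offset 8, length 4 */
    12,0,0,0, 4,0,0,0 };              /* chunk 1: offset 12, length 4 */
static const uint8_t IMG_HUGE_COUNT[] = {
    'I','M','G',0,  0xff,0xff,0xff,0xff };               /* count = 4294967295 */
static const uint8_t IMG_TRUNCATED[] = {
    'I','M','G',0,  3,0,0,0,  8,0,0,0, 4,0,0,0 };        /* claims 3 chunks, holds 1 */
static const uint8_t IMG_BAD_RANGE[] = {
    'I','M','G',0,  1,0,0,0,  0x20,0,0,0, 0xf0,0xff,0xff,0xff }; /* off+len wraps to 16 */

/* Parse a sample with the hardened parser and return its status code. */
int check_image(const uint8_t *buf, size_t len)
{
    struct chunk_table t;
    memset(&t, 0, sizeof t);
    return parse_chunks_checked(buf, len, &t);
}

/* Chunk count the hardened parser accepts from IMG_GOOD. */
uint32_t good_image_count(void)
{
    struct chunk_table t;
    memset(&t, 0, sizeof t);
    return parse_chunks_checked(IMG_GOOD, sizeof IMG_GOOD, &t) == 0 ? t.count : 0;
}

int main(void)
{
    printf("good: %d  huge-count: %d  truncated: %d  bad-range: %d\n",
           check_image(IMG_GOOD, sizeof IMG_GOOD),
           check_image(IMG_HUGE_COUNT, sizeof IMG_HUGE_COUNT),
           check_image(IMG_TRUNCATED, sizeof IMG_TRUNCATED),
           check_image(IMG_BAD_RANGE, sizeof IMG_BAD_RANGE));
    return 0;
}
```

The IMG_BAD_RANGE sample is the case to study: its offset (0x20) and length (0xfffffff0) sum to 0x10 after 32-bit wraparound, so a check written as `off + ln <= len` would accept a chunk that begins past the end of the image. Whether such an out-of-bounds access ends in a clean panic or something worse depends on what memory the bad offset lands on, which is why the advisory speaks of memory corruption rather than only a crash.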
Apple representatives did not respond to a request for comment.
In the blog, LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading".
Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.
Elinor Mills writes for CNET News.com
fyi
This is not new. The flaw has been noted a number of times over the past few months.
Sorry, I meant to continue that while the flaw is not new, I still appreciate the warning.
Already posted over here:
http://www.freerepublic.com/focus/f-chat/1742381/posts
Balderdash... Not one demonstration of such an escalation has been shown... Certainly, Secunia has not demonstrated an escalation of privileges... nor has the "Month of Kernel Bugs" demonstrated one.
The OS merely crashes, creating a local "denial-of-service" condition, requiring a hardware restart. How is that going to allow a "malicious local user" to escalate his privileges? Unless he already knows an administrator or root name and password he can only log back on as the same user as before with the same privileges. And if he does know those names and passwords, he merely has to switch user, and there's no need to crash the system to do that.
Certainly this is a kernel flaw... and it needs to be fixed.
But it is not the "Critical" security hole Secunia, and subsequent re-printers of their FUD such as C-Net, are frothing at the mouth about.
It isn't even a long-term Denial-of-Service situation... for this to happen a local user has to be sitting at the computer trying to open a .dmg file. He will certainly notice the kernel panic and restart the computer, restoring the service within a minute or two.
Thanks for the explanation.
Uh, so what happened to November 1 - November 21?