iTWire - Mac OS X critical flaw exploit published

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Mac OS X critical flaw exploit published

Mac OS X critical flaw exploit published

E-mail

by Stan Beer
Wednesday, 22 November 2006
A flaw, described as highly critical in a current version of Apple Mac OS X has been reported by a security researcher, who has also published a sample of exploit code for the vulnerability on the web. Featured Whitepaper 5 Best Practices for Smartphone Support The vulnerability enables the Safari web browser to load corrupted image files from a malicious website allowing attackers to gain escalated privileges enabling them to run executable code on the system. The security researcher who discovered the flaw uses the acronym LMH and reports: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users. "This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for 'opening "safe" files after downloading'. "Right now, Apple doesn't provide a public specification for the DMG format, nor source and/or API reference for com.apple.AppleDiskImageController. Although, the binary-form code can be found at /System/Library/Extensions/IOHDIXController.kext/Contents/MacOS/IOHDIXController." Danish security researcher Secunia, which has previously been busy unveiling flaws in IE7, rates the currently unpatched Mac OS X flaw as highly critical, meaning a remote user can gain control of an affected system. Apple has yet to issue a statement concerning the flaw. {moscomment} Tags See All Tags Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking