Bug of the day hits Mac Finder

by Stephen Withers

Wednesday, 10 January 2007

A bug allegedly reported to Apple around a month ago is the subject of today's Month of Apple Bugs disclosure.

Featured Whitepaper

5 Best Practices for Smartphone Support

According to MoAB's Kevin Finisterre, memory corruption occurs in the Finder if an attempt is made to mount a disk image file containing a volume name longer than 255 characters. The condition "leads to an exploitable denial of service condition and potential arbitrary code execution."

The significance is that Mac software is most commonly distributed via the Internet as disk image files, so users are accustomed to downloading and opening them. While word would quickly spread about any attempt to use this for a denial of service attack, a successful code execution exploit could affect a significant number of machines before news got out.

According to the disclosure, creating such an exploit would not be trivial.

The suggested workaround? "Don't attempt to mount untrusted DMG files, [and] disable Safari 'Open safe files' in it's [sic] preferences dialog". After previous scares, we'd hope everyone's already done the latter.{moscomment}

Tags See All Tags

Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

	Visitors last 30 days	694,279
	Subscribers	15,210

About iTWire

iTWire and you

Featured Whitepaper

Tags See All Tags

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.