Mac OS X critical flaw exploit published

Stan Beer
Wednesday, 22 November 2006 14:41

Your IT - Home IT

A flaw, described as highly critical in a current version of Apple Mac OS X has been reported by a security researcher, who has also published a sample of exploit code for the vulnerability on the web.

The vulnerability enables the Safari web browser to load corrupted image files from a malicious website allowing attackers to gain escalated privileges enabling them to run executable code on the system.

The security researcher who discovered the flaw uses the acronym LMH and reports: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.

"This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for 'opening "safe" files after downloading'.

"Right now, Apple doesn't provide a public specification for the DMG format, nor source and/or API reference for com.apple.AppleDiskImageController. Although, the binary-form code can be found at /System/Library/Extensions/IOHDIXController.kext/Contents/MacOS/IOHDIXController."

Danish security researcher Secunia, which has previously been busy unveiling flaws in IE7, rates the currently unpatched Mac OS X flaw as highly critical, meaning a remote user can gain control of an affected system.

Apple has yet to issue a statement concerning the flaw.