No. 1 Story

Construction needs cloud flexibility

Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Recruitment technology and social media have played a significant role in growing business in...
Telstra came out on top in a mobile phone customer survey conducted by the...
A new generation Chromebook has been launched by Samsung, along with a desktop Chromebox. The...

Mac OS X critical flaw exploit published

Your IT - Home IT

A flaw, described as highly critical in a current version of Apple Mac OS X has been reported by a security researcher, who has also published a sample of exploit code for the vulnerability on the web.

The vulnerability enables the Safari web browser to load corrupted image files from a malicious website allowing attackers to gain escalated privileges enabling them to run executable code on the system.

The security researcher who discovered the flaw uses the acronym LMH and reports: "Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.

"This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for 'opening "safe" files after downloading'.

"Right now, Apple doesn't provide a public specification for the DMG format, nor source and/or API reference for com.apple.AppleDiskImageController. Although, the binary-form code can be found at /System/Library/Extensions/IOHDIXController.kext/Contents/MacOS/IOHDIXController."

Danish security researcher Secunia, which has previously been busy unveiling flaws in IE7, rates the currently unpatched Mac OS X flaw as highly critical, meaning a remote user can gain control of an affected system.

Apple has yet to issue a statement concerning the flaw.