Feeds

Unpatched bug bites Apple Mac OS X

Isn't this only supposed to happen to Windoze users?

Reducing security risks from open source software

Security researchers have discovered a serious, unpatched vulnerability in Mac OS X. The memory corruption bug creates a means for attackers to take control of even fully patched systems.

Flaws in the way the AppleDiskImageController handles corrupted DMG image structures could be exploited to trigger memory corruption and the execution of arbitrary code in kernel-mode, Secunia, the IT security consultancy, warns.

Upshot: bad people could compromise vulnerable Macs, by bamboozling users to visit websites containing corrupted DMG files.

"A lot of OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration," The SANS Institute's Internet Storm Centre notes.

Security watchers advises Mac fans to deactivate the open "safe files" after downloading option in their Safari preferences as a workaround (as explained here), pending the release of appropriate security patches from Apple. Mac OS X version 10.4.8 systems are confirmed to be at risk and other systems might also be vulnerable.

The vulnerability, originally reported by the Month of Kernel Bugs Project, represents a rare example of an unpatched vulnerability affecting Apple systems. Windows users by contrast are, of course, all too familiar with the growing problem of so-called zero-day exploits. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Child diagnosed as allergic to iPad
Apple's fondleslab is the tablet dermatitis sufferers won't want to take
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.