Feeds

Unpatched bug bites Apple Mac OS X

Isn't this only supposed to happen to Windoze users?

Boost IT visibility and business value

Security researchers have discovered a serious, unpatched vulnerability in Mac OS X. The memory corruption bug creates a means for attackers to take control of even fully patched systems.

Flaws in the way the AppleDiskImageController handles corrupted DMG image structures could be exploited to trigger memory corruption and the execution of arbitrary code in kernel-mode, Secunia, the IT security consultancy, warns.

Upshot: bad people could compromise vulnerable Macs, by bamboozling users to visit websites containing corrupted DMG files.

"A lot of OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration," The SANS Institute's Internet Storm Centre notes.

Security watchers advises Mac fans to deactivate the open "safe files" after downloading option in their Safari preferences as a workaround (as explained here), pending the release of appropriate security patches from Apple. Mac OS X version 10.4.8 systems are confirmed to be at risk and other systems might also be vulnerable.

The vulnerability, originally reported by the Month of Kernel Bugs Project, represents a rare example of an unpatched vulnerability affecting Apple systems. Windows users by contrast are, of course, all too familiar with the growing problem of so-called zero-day exploits. ®

The essential guide to IT transformation

More from The Register

next story
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
Top Gun display for your CAR: Heads-up fighter pilot tech
Sadly Navdy kit doesn't include Sidewinder missile to blast traffic
iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks
New plug not compatible with official Type-C, according to fresh rumors
FEAST YOUR EYES: Samsung's Galaxy Alpha has an 'entirely new appearance'
Wow, it looks like nothing else on the market, for sure
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
YES YES YES! Apple patents mousy, pressure-sensing iVibrator
Fanbois prepare to experience the great Cupertin-O
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
NVIDIA claims first 64-bit ARMv8 SoC for Androids
Mile-High 'Denver' Tegra K1 successor said to rival PC performance
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.