Feeds

Unpatched bug bites Apple Mac OS X

Isn't this only supposed to happen to Windoze users?

5 things you didn’t know about cloud backup

Security researchers have discovered a serious, unpatched vulnerability in Mac OS X. The memory corruption bug creates a means for attackers to take control of even fully patched systems.

Flaws in the way the AppleDiskImageController handles corrupted DMG image structures could be exploited to trigger memory corruption and the execution of arbitrary code in kernel-mode, Secunia, the IT security consultancy, warns.

Upshot: bad people could compromise vulnerable Macs, by bamboozling users to visit websites containing corrupted DMG files.

"A lot of OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration," The SANS Institute's Internet Storm Centre notes.

Security watchers advises Mac fans to deactivate the open "safe files" after downloading option in their Safari preferences as a workaround (as explained here), pending the release of appropriate security patches from Apple. Mac OS X version 10.4.8 systems are confirmed to be at risk and other systems might also be vulnerable.

The vulnerability, originally reported by the Month of Kernel Bugs Project, represents a rare example of an unpatched vulnerability affecting Apple systems. Windows users by contrast are, of course, all too familiar with the growing problem of so-called zero-day exploits. ®

The essential guide to IT transformation

More from The Register

next story
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Samsung Gear S: Quick, LAUNCH IT – before Apple straps on iWatch
Full specs for wrist-mounted device here ... but who'll buy it?
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Now that's FIRE WIRE: HP recalls 6 MILLION burn-risk laptop cables
Right in the middle of Burning Mains Man week
HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE
Noo! Hand not big enough! Don't look at meee!
AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else
Chip maker claims the Radeon R9 285 is 'best in its class'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.