Exploit code released for new Mac OS X flaw

By
Follow google news

Proof-of-concept (PoC) exploit code has been released for a new flaw in the process by which Apple's Mac OS X handles DMG image format files.


Vulnerability monitoring clearinghouse Secunia reported a flaw in OS X's AppleDiskImageController when handling corrupted DMG image structures.

The flaw can be exploited by malicious local users to gain escalated privileges or to compromise an affected system.

Secunia provided a workaround to Mac users, advising them to deactivate the "opening safe files after downloading" preference, which grants access only to trusted users.

PoC code for exploiting the flaw was released by a researcher using the name "lmh" on the Kernel Fun website.

Researchers have repeatedly warned that OS X is an increasingly attractive target for malicious users, as are Unix-based platforms and alternative web browsers.

Reports this year have seen a three-year jump of as much as 228 percent in Mac flaws.

An Apple representative could not immediately be reached for comment today.

Click here to email Frank Washkuch Jr.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
codeexploitflawformacnewosreleasedsecurityx

Sponsored Whitepapers

Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Events

Most Read Articles

Popular text editor Notepad++ was hacked to drop malware

Popular text editor Notepad++ was hacked to drop malware
'Moltbook' social media site for AI agents had big security hole

'Moltbook' social media site for AI agents had big security hole
Bunnings facial recognition privacy breach ruling partially reversed

Bunnings facial recognition privacy breach ruling partially reversed
Global proxy operator IPIDEA denies Google's malicious intent allegations

Global proxy operator IPIDEA denies Google's malicious intent allegations
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?