Exploit code released for new Mac OS X flaw

By
Follow google news

Proof-of-concept (PoC) exploit code has been released for a new flaw in the process by which Apple's Mac OS X handles DMG image format files.


Vulnerability monitoring clearinghouse Secunia reported a flaw in OS X's AppleDiskImageController when handling corrupted DMG image structures.

The flaw can be exploited by malicious local users to gain escalated privileges or to compromise an affected system.

Secunia provided a workaround to Mac users, advising them to deactivate the "opening safe files after downloading" preference, which grants access only to trusted users.

PoC code for exploiting the flaw was released by a researcher using the name "lmh" on the Kernel Fun website.

Researchers have repeatedly warned that OS X is an increasingly attractive target for malicious users, as are Unix-based platforms and alternative web browsers.

Reports this year have seen a three-year jump of as much as 228 percent in Mac flaws.

An Apple representative could not immediately be reached for comment today.

Click here to email Frank Washkuch Jr.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
codeexploitflawformacnewosreleasedsecurityx

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack
Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia
Vic gov agencies flying blind on server security, audit finds

Vic gov agencies flying blind on server security, audit finds
Home Affairs streamlines risk vetting for gov tech suppliers

Home Affairs streamlines risk vetting for gov tech suppliers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?