The flaw is part of the Month of Apple Bugs (MoAB) project, the brainchild of Kevin Finisterre and a researcher with the handle of a hacker called LMH.
LMH reported this current vulnerability, which is caused due to an integer overflow error in a function when handling UFS filesystem disc images.
"This can be exploited to cause a heap-based buffer overflow via a specially crafted UFS DMG image," according to the Secunia website. "Successful exploitation may allow the execution of arbitrary code."
Secunia ranked the vulnerability as "highly critical." MoAB researchers said that the problem was initially found as a part of the Month of Kernel Bugs project, but never released due to time constraints.
"This issue is related to those published in the UFS code as part of the Month of Kernel Bugs, and the set of DMG flaws that couldn't make it to the MoKB schedule," they wrote on their website. "As DMG encapsulates filesystem streams, most of the bugs existent in the FreeBSD kernel sources tree can be abused in Mac OS X's XNU via rogue DMG images."
The issue is only remotely exploitable through the Safari web browser when the "opening safe files after downloading" option is enabled. Security experts strongly recommend disabling this option on all OS X systems.
Click here to email West Coast Bureau Chief Ericka Chickowski.
Month of Apple Bugs projects reveals highly critical Mac OS X flaw
By Ericka Chickowski on Jan 12, 2007 7:06AM