Month of Apple Bugs project reveals highly critical Mac OS X flaw


A highly critical vulnerability in Mac OS X that can be exploited to compromise users' systems was disclosed on Thursday.


The flaw is part of the Month of Apple Bugs (MoAB) project, the brainchild of Kevin Finisterre and a researcher who goes by the handle LMH.

LMH reported the current vulnerability, which is caused by an integer overflow error in a function that handles UFS filesystem disc images.

"This can be exploited to cause a heap-based buffer overflow via a specially crafted UFS DMG image," according to the Secunia website. "Successful exploitation may allow the execution of arbitrary code."
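The bug class described above, shown as an added C example that is not taken from the article, Secunia or the MoAB advisory: a size computed from two image-supplied 32-bit fields wraps around, and a checked version rejects it before any allocation. The header layout, field names and size limit are hypothetical and are not the real UFS structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical on-disk header; names are illustrative, not real UFS fields. */
struct img_header {
    uint32_t entry_count;  /* read from the untrusted image */
    uint32_t entry_size;   /* read from the untrusted image */
};

#define MAX_TABLE_BYTES (1u << 20)  /* assumed sanity limit for this sketch */

/* Unchecked pattern: the 32-bit product wraps, so a huge table looks small. */
uint32_t table_bytes_unchecked(const struct img_header *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked pattern: 0 and *out set if the product fits the limit, else -1. */
int table_bytes_checked(const struct img_header *h, uint32_t *out)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    if (h->entry_count > MAX_TABLE_BYTES / h->entry_size)
        return -1;  /* product would wrap or exceed the limit */
    *out = h->entry_count * h->entry_size;
    return 0;
}

/* Copy the table only if its size validates and the image really holds it. */
void *load_table(const struct img_header *h, const uint8_t *img, size_t img_len)
{
    uint32_t n;
    if (table_bytes_checked(h, &n) != 0 || n > img_len)
        return NULL;
    void *buf = malloc(n);
    if (buf != NULL)
        memcpy(buf, img, n);
    return buf;
}

int main(void)
{
    struct img_header bad = { 0x10000u, 0x10001u };  /* constructed sample */
    uint32_t n = 0;
    printf("unchecked=%u checked=%s\n", (unsigned)table_bytes_unchecked(&bad),
           table_bytes_checked(&bad, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The division-based comparison catches the overflow without relying on a wider integer type, and the `n > img_len` check keeps the copy inside the bytes the image actually supplied.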

Secunia ranked the vulnerability as "highly critical." MoAB researchers said that the problem was initially found as a part of the Month of Kernel Bugs project, but never released due to time constraints.

"This issue is related to those published in the UFS code as part of the Month of Kernel Bugs, and the set of DMG flaws that couldn't make it to the MoKB schedule," they wrote on their website. "As DMG encapsulates filesystem streams, most of the bugs existent in the FreeBSD kernel sources tree can be abused in Mac OS X's XNU via rogue DMG images."

The issue is only remotely exploitable through the Safari web browser when the "opening safe files after downloading" option is enabled. Security experts strongly recommend disabling this option on all OS X systems.

Click here to email West Coast Bureau Chief Ericka Chickowski.  