Critical Apple flaw discovered in Mac OS X

By Robert Westervelt, News Editor 11 Jan 2007 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Danish vulnerability clearinghouse Secunia rated the flaw highly critical because it can be remotely exploited by an attacker in the Safari Web browser when the "opening safe files after downloading" option is enabled, Secunia said in its advisory.

The flaw, discovered by security researcher who goes by the name "LMH," is an integer overflow error in the ffs_mountfs() function. When the ffs mountfs() function handles UFS filesystem disc images the operating system can be exploited to cause a buffer overflow by using a UFS DMG image, LMH said in his Month of Apple Bugs Web site.

The flaw can lead to an exploitable denial of service condition and potential arbitrary code execution, LMH said.

"Arbitrary code execution is possible, as we control the size parameter used for buffer allocation and data is being copied directly from the stream in the DMG image," LMH said in his advisory.

Mac OS X 10.4.8 is affected as well as FreeBSD 6.1. Earlier versions may also be affected, LMH said.

The recommended workaround until Apple releases a fix is to not attempt to mount untrusted DMG files, and disable Safari 'Open safe files' in it's preferences dialog.

The flaw is related to a DMG image handling issue announced in November by the Month of Kernel Bugs, LMH said.

The Month of Apple Bugs project was launched Jan. 1 and is an offshoot of the Month of Kernel Bugs project, both run by researcher LMH. The Month of Kernel Bugs was inspired by the Month of Browser Bugs, spearheaded by Metasploit Framework creator H.D. Moore last July.

The Month of Apple Bugs site was launched detailing a highly critical flaw in Apple's widely used QuickTime media player.

Tags: Web Application Security,  Platform and OS Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Twitter settles with FTC over security issues, careless policies Report: Google to phase out Windows, cites security issues New tool enables botnet command and control via Twitter Symantec Internet threat report highlights botnet, malware trends Researchers aim to smarten Web application security scanners Security-related social networking issues abound in organisations New cloud VPN service improves application acceleration, security New banking Trojan targets U.K. banks Social networking risks, benefits for enterprises weighed by RSA panel How to prevent Adobe hacks from affecting your organisation Platform and OS Security Management Google bug hunter discovers serious Windows XP flaw Microsoft emphasizes three critical updates on patch-heavy Tuesday Microsoft to issue 10 security bulletins, three critical Malware discovered in freely distributed Mac applications Report: Google to phase out Windows, cites security issues Microsoft to issue two critical bulletins, SharePoint to remain vulnerable Researchers aim to smarten Web application security scanners Operation Aurora: Tips for thwarting zero-day attacks, unknown malware Microsoft fixes critical drive-by media handling flaws Microsoft to repair 25 flaws in Windows, Office and Exchange

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary