Thread: Mac OSX vulnerability announced
View Single Post
Old 22-11-2006, 07:04   #1
Paul K
Inactive
 
Paul K's Avatar
 
Join Date: Jun 2003
Location: Essex innit
Age: 51
Services: Sky HD + 16Mb ADSL BT Telephone
Posts: 15,735
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Mac OSX vulnerability announced
Secunia
Quote:
Secunia Advisory: SA23012
Release Date: 2006-11-21
Critical:
Highly critical
Impact: Privilege escalation
DoS
System access
Where: From remote
Solution Status: Unpatched
OS: Apple Macintosh OS X
Quote:
The vulnerability is caused due to an error in com.apple.AppleDiskImageController when handling corrupted DMG image structures. This can be exploited to cause a memory corruption and may allow execution of arbitrary code in kernel-mode.

The vulnerability is reported in a fully patched Mac OS X (2006-11-20). Other versions may also be affected.

Solution:
Deactivate the option "opening safe files after downloading" in the preferences and grant only trusted users access to affected systems.
Just in case anyone might be at risk from this.
Paul K is offline   Reply With Quote