Patch/Configuration Management, Vulnerability Management

Exploit code released for new Mac OS X flaw

Proof-of-concept (PoC) exploit code has been released for a new flaw in the process by which Apple's Mac OS X handles DMG image format files.

Vulnerability monitoring clearinghouse Secunia reported a flaw in OS X's AppleDiskImageController when handling corrupted DMG image structures.

The flaw can be exploited by malicious local users to gain escalated privileges or to compromise an affected system.

Secunia provided a workaround to Mac users, advising them to deactivate the "opening safe files after downloading" preference, which grants access only to trusted users.

PoC code for exploiting the flaw was released by a researcher using the name "lmh" on the Kernel Fun website.

Researchers have repeatedly warned that OS X is an increasingly attractive target for malicious users, as are Unix-based platforms and alternative web browsers.

Reports this year have seen a three-year jump of as much as 228 percent in Mac flaws.

An Apple representative could not immediately be reached for comment today.

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.