Attack code targets zero-day Mac OS flaw

by admin November 22, 2006 at 2:36 am
0 Comment

A security researcher has published attack code for an unpatched flaw in Mac OS X, the latest vulnerability in the “Month of Kernel Bugs” campaign.

The proof-of-concept code exploits a security hole in the way Apple Computer’s operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.

“Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users,” wrote the researcher, who goes by the initials “LMH”.

The vulnerability could be exploited remotely, as Apple’s Safari Web browser loads DMG files from external sources, such as one found while visiting an URL, LMH wrote. That could let an outsider compromise a system.

Read more: ZDNet AU

Related Content
Realme C15 Launching in India on August 18: Everything We Know So Far
Facebook’s CEO to meet PM Modi today
Firefox 4 Beta 1: A Visual Tour
Now, access Facebook on mobile devices for free
more news from the blog
MessengerDiscovery Live 1.4.5408
Windows Vista’s three killer features
Octoshape plug-in 1.0
Firefox for Mobile 1.0 RC3
Mac OS X hacked under 30 minutes
Photobie 7.2.8
FET 5.13.2
7zX 1.5.3
Suspicious Package 1.0.1 for Mac OS X
Symantec PTEDIT
X-Mailer Build 7.0.2007.6
Currency for iPhone 2.1
StartMenuEx 0.4.9.3
ReSysInfo System Information Viewer 2.2.0
Mobile music to kill the MP3 player?
Star Downloader Free 1.45
A Peek at Windows 7 RC1 Interface Changes
Microsoft Unveils Modern Warfare 2 Xbox 360 Bundle
Major Skype outage in progress: “12-24 hours” for a fix
Pea-Peach 0.12
Yahoo Mail Taps into IM, Text Messages
Briefly: Leopard downloads prompt Apple retail firings
HKTunes 1.5
First Windows 7 Zero-Day Exploit Airs, But Danger Isn’t Great For Most
FastStone Photo Resizer 2.9
Phishing attack hits PayPal subscribers
juicyPlayer (HDngn) 0.8.6
Mz StartUp Manager 2.3
WOT 20100830
Microsoft takes aim for Google’s Froogle
Python 2.7 Beta 2 / 3.1.2 Final / 2.7 Final
AOL hit by IM virus
Yahoo fixes email hole