Critical Apple flaw discovered in Mac OS X

By Robert Westervelt, News Editor 11 Jan 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Danish vulnerability clearinghouse Secunia rated the flaw highly critical because it can be remotely exploited by an attacker in the Safari Web browser when the "opening safe files after downloading" option is enabled, Secunia said in its advisory.

The flaw, discovered by security researcher who goes by the name "LMH," is an integer overflow error in the ffs_mountfs() function. When the ffs mountfs() function handles UFS filesystem disc images the operating system can be exploited to cause a buffer overflow by using a UFS DMG image, LMH said in his Month of Apple Bugs Web site.

The flaw can lead to an exploitable denial of service condition and potential arbitrary code execution, LMH said.

"Arbitrary code execution is possible, as we control the size parameter used for buffer allocation and data is being copied directly from the stream in the DMG image," LMH said in his advisory.

Mac OS X 10.4.8 is affected as well as FreeBSD 6.1. Earlier versions may also be affected, LMH said.

The recommended workaround until Apple releases a fix is to not attempt to mount untrusted DMG files, and disable Safari 'Open safe files' in it's preferences dialog.

The flaw is related to a DMG image handling issue announced in November by the Month of Kernel Bugs, LMH said.

The Month of Apple Bugs project was launched Jan. 1 and is an offshoot of the Month of Kernel Bugs project, both run by researcher LMH. The Month of Kernel Bugs was inspired by the Month of Browser Bugs, spearheaded by Metasploit Framework creator H.D. Moore last July.

The Month of Apple Bugs site was launched detailing a highly critical flaw in Apple's widely used QuickTime media player.

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method New hacking method stealthily attacks Macs with malware Apple fixes critical QuickTime flaws User provisioning and SSO for PeopleSoft- and Unix-based products Alternative OS security: Mac, Linux, Unix, etc. Research Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe ColdFusion websites being compromised PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Web Browser Security Researchers to demonstrate new EV SSL man-in-the-middle hacks Security researchers develop browser-based darknet Microsoft cracks down on click fraud ring Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates IT pros can detect, prevent website vulnerabilities, thwart attacks Stolen FTP credentials likely in massive website attacks Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert US-CERT warns of Gumblar, Martuz drive-by exploits Google study backs browser silent auto update feature Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary