« 5 Most Common Security Mistakes | Main | Virus of the Year (So Far) »

According to the always reliable Brian Kreb’s Security Fix, the "Month of Kernel Bugs" strikes again. A security researcher known as LMH decided to start pointing out unpatched flaws that were serious enough to completely disable the security of vulnerable computers.

On Monday, the project’s curator issued instructions for a bug found in how OS X processes certain types of files. Specifically, they were files ending in DMG, a file typically encountered when Mac owners download a software installer. According to Krebs, “Clicking on the proof-of-concept DMG file listed on the MoKB homepage with a brand new Mac OS X 10.4.8 installation caused the system to throw up a prompt telling me that I needed to restart my computer by holding down the power button or restarting the machine.”

Sounds innocent enough, but the crash report revealed a “kernel panic,” which in most cases means that if someone wanted in install malicious code on the computer, they could have done so regardless of the security. As the Matasano Security Blog commented, “What is interesting about DMG [files] is that they allow non-privileged users to mount a filesystem. This poses a number of unique threats to OS X.”

Beware, this exploit also worked with an older system running PowerPC. While there is no existing patch for this vulnerability, OS X users can disable this bug by “changing the Preferences and deactivating the functionality for opening ‘safe’ files after downloading.”

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1011