Month of Apple Bugs projects reveals highly critical Mac OS X bug


January 12 2007


A highly critical vulnerability in Mac OS X that can potentially be exploited to compromise users' systems was disclosed on Thursday.


The flaw is one of those trickling out daily as a part of the Month of Apple Bugs (MoAB) project, the brainchild of Kevin Finisterre and a researcher with the handle of LMH.

LMH reported the current vulnerability, which is caused by an integer overflow error in a function when handling UFS filesystem disk images.

"This can be exploited to cause a heap-based buffer overflow via a specially crafted UFS DMG image," read the Secunia website. "Successful exploitation may allow the execution of arbitrary code."

Secunia ranks the vulnerability as "highly critical."

MoAB researchers said that the problem was initially found as a part of the Month of Kernel Bugs project, but never released due to time constraints.

"This issue is related to those published in the UFS code as part of the Month of Kernel Bugs, and the set of DMG flaws that couldn't make it to the MoKB schedule," they wrote on their website. "As DMG encapsulates filesystem streams, most of the bugs existent in the FreeBSD kernel sources tree can be abused in Mac OS X's XNU via rogue DMG images."

The problem is remotely exploitable only through the Safari web browser when the "opening safe files after downloading" option is enabled. Security experts strongly recommend disabling this option on all OS X systems.


 

Reproduced from an article published by SC Magazine
© SC Magazine

The original article can be viewed here:
http://www.scmagazine.com/uk/news/article/625796/month-apple-bugs-projects-...
