Mac OS X Apple UDIF Disk Image Kernel Memory Corruption

Published: 2006-11-22
Last Updated: 2006-11-22 03:57:39 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)
A vulnerability has been reported in the way OS X handles corrupt DMG images. This would typically be a local user exploit for privilege escalation. The exception here would be that it could also be exploited remotely via the Safari web browser. A lot of  OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration. A corrupted DMG file would then compromise the system and allow for arbitrary code execution. This new vulnerability and the PoC is brought to you by the Month of Kernel Bugs (MoKB) and the number 10.

Mitigation: There currently is no vendor patch for this vulnerability. To reduce the risk of remote compromise reconfigure Safari and be careful with DMG files from untrusted or unknown sources. For Safari disable opening "safe" files after downloading. Tutorial on how and why to do so can be found here.

Secunia advisory can be found here

Adrien de Beaupre

0 comment(s)


Diary Archives