In association with heise online

21 November 2006, 17:09

Prepared DMG images bring Mac OS X to a halt

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

As part of the Month of Kernel Bugs, a security vulnerability has been found in Mac OS X, which could be exploited by an attacker using prepared DMG images to crash a target computer. According to bug reports, it is apparently also possible to infiltrate code and execute it with kernel privileges. This has not yet been confirmed, however. In tests carried out by the heise Security editorial team, the exploit image published by the authors completely froze a MacBook running Mac OS X 10.4.8 on loading. In contrast the test caused an iMac to crash.

The cause of the problem is a bug in the which fails to deal with corrupted structures in DMG images. A manipulated image could, for example, be placed on a website and then be automatically mounted or opened after downloading. As there is as yet no patch available, as a workaround users should deactivate the opening of 'safe' files after download.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit