Prepared DMG images bring Mac OS X to a halt
As part of the Month of Kernel Bugs, a security vulnerability has been found in Mac OS X, which could be exploited by an attacker using prepared DMG images to crash a target computer. According to bug reports, it is apparently also possible to infiltrate code and execute it with kernel privileges. This has not yet been confirmed, however. In tests carried out by the heise Security editorial team, the exploit image published by the authors completely froze a MacBook running Mac OS X 10.4.8 on loading. In contrast the test caused an iMac to crash.
The cause of the problem is a bug in the com.apple.AppleDiskImageController which fails to deal with corrupted structures in DMG images. A manipulated image could, for example, be placed on a website and then be automatically mounted or opened after downloading. As there is as yet no patch available, as a workaround users should deactivate the opening of 'safe' files after download.
- Mac OS X Apple UDIF Disk Image Kernel Memory Corruption, bug report on MoKB
(ehe)