New Mac OS X Exploit?

The UK's IT Week reports on a possible new Mac OS X exploit. A proof of concept appears on the Info-pull.com website, claiming that corrupted UDTO HFS+ image structures are vulnerable to denial of service attacks. If true, this same issue may affect FreeBSD installations. The article suggests disabling "open 'safe files' after downloading", which realistically speaking you've probably already done a long time ago if you've been worried about possible OS X attacks.

View Tags

Source: http://www.itweek.co.uk/vnunet/news/2169228/exploit-publishe…

Categories

Rumors Apple Security

The UK's IT Week reports on a possible new Mac OS X exploit. A proof of concept appears on the Info-pull.com website, claiming that...

Add a Comment

Sign in »

8 Comments

Filter by:

James

Nick Mediati

Arbitrary code within the disk image is executed when it's opened. That's the flaw here. Right now I'm downloading the proof of concept and the newest version of ClamXav to see if the code can be picked up.

...

And it can't, it seems it can't scan compressed images but once opened it can, which kind of defeats the purpose here. But who cares, is the developer of ffmpegX suddenly gonna put malicious code in his DMGs? No way.

November 22 2006 at 2:48 PM Report abuse Permalink rate up rate down Reply

Keith

Just a small sample:

http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/index.html

November 22 2006 at 1:09 PM Report abuse Permalink rate up rate down Reply

Keith

Daniel,

I don't follow your logic. How does "corrupting blocks of memory" lead you to the conclusion that "Apple have ZERO understanding of secure coding."

Of course any reasonable person would conclude that somewhere with in Apple someone must have some understanding of secure coding, so really your statement was just meant to be inflammatory.

I, for one, think Apple has shown a pretty good understanding of secure computing practices.

November 22 2006 at 1:06 PM Report abuse Permalink rate up rate down Reply

me_94501

James,
Someone correct me if I'm wrong, but I don't know if antivirus would be able to protect against such an exploit. It seems that any attempt to uncompress the disk image to read it would result in a kernel panic.

November 22 2006 at 4:08 AM Report abuse Permalink rate up rate down Reply

Daniel

Matt,

"and compatible :D", yup it's great using a browser which doesn't hook into any of OS X's features, like keychain.

Garbanzo,

You can still corrupt blocks of memory using this and any security researcher knows that once this happens, you have a clear understanding that Apple have ZERO understanding of secure coding or creating robust applications which can handle malicious activity.

November 22 2006 at 3:24 AM Report abuse Permalink rate up rate down Reply

James

This why I have ClamXav Sentry always watching my Desktop (where I download files), my Applications folder, my Home folder, and my mailbox. It's only ever gone off three times; first time was using that test file you can get; second was testing a real virus from Limewire; third was an oversized ZIP in the CoD2 demo (which was a false alarm of course).

November 22 2006 at 12:25 AM Report abuse Permalink rate up rate down Reply

Garbanzo

I dugg down to the actual website reporting the bug, and they make it sound a lot less sinister than the article IT Week seems to think it is.

From The website that reported the exploit.
Mac OS X fails to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors), leading to an exploitable denial of service condition. Although it hasn't been checked further, memory corruption is present under certain conditions (in this particular case, unlikely to allow arbitrary code execution).

November 21 2006 at 11:40 PM Report abuse Permalink rate up rate down Reply

schlomo

or switch to a BonEcho build for you processor - fast, reliable, free, open-source, extensible, and compatible :D

November 21 2006 at 11:31 PM Report abuse Permalink rate up rate down Reply