'

Mac OS X UDIF disk image critical exploit released

The MoKB (Month of Kernel Bugs) has posted details of a critical flaw in the AppleDiskImageController for Mac OS X along with the proof-of-concept.  This exploit can trigger kernel-mode arbitrary code execution which means the attacker can run anything they want on your computer with all privileges.

The MoKB (Month of Kernel Bugs) has posted details of a critical flaw in the AppleDiskImageController for Mac OS X along with the proof-of-concept.  This exploit can trigger kernel-mode arbitrary code execution which means the attacker can run anything they want on your computer with all privileges.  According to the MoKB website, "It's been tested on an up-to-date (20-11-2006) Mac OS X installation, running on an Intel 'shipping' Mac".

Since the DMG image structure files can be downloaded and automatically executed as a "safe" file by Safari, it is highly recommended that Mac OS X users deactivate the open after download feature for DMG files.  Users should also be wary of manually opening any DMG files.