Mac OS X UDIF disk image critical exploit released

The MoKB (Month of Kernel Bugs) has posted details of a critical flaw in the AppleDiskImageController for Mac OS X along with the proof-of-concept.  This exploit can trigger kernel-mode arbitrary code execution which means the attacker can run anything they want on your computer with all privileges.

The MoKB (Month of Kernel Bugs) has posted details of a critical flaw in the AppleDiskImageController for Mac OS X along with the proof-of-concept.  This exploit can trigger kernel-mode arbitrary code execution which means the attacker can run anything they want on your computer with all privileges.  According to the MoKB website, "It's been tested on an up-to-date (20-11-2006) Mac OS X installation, running on an Intel 'shipping' Mac".

Since the DMG image structure files can be downloaded and automatically executed as a "safe" file by Safari, it is highly recommended that Mac OS X users deactivate the open after download feature for DMG files.  Users should also be wary of manually opening any DMG files.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All