US Government warns of Apple flaw

US computer emergency response team has warned of a vulnerability in Mac OS X
Written by Tom Espiner, Contributor

The US Government has added its weight to warnings about a vulnerability in Apple's Mac OS X.

The US computer emergency response team, US-CERT, issued an alert on Thursday, reporting a failure in the way OS X handles corrupted disk image files for Macs using the DMG format. CNET News.com first reported the vulnerability on Tuesday.

A disk image is a digital representation of the contents and structure of a storage device such as a CD or DVD. According to US-CERT, the vulnerability in OS X may allow an attacker using malformed DMG files to corrupt system memory in a way that could allow arbitrary code execution or cause a denial of service.

The news of the vulnerability has caused fierce debate among Mac supporters and detractors. Various News.com readers were incensed that the vulnerability had been reported as remotely exploitable, reasoning that to download a DMG file would require user interaction.

The researcher who found the vulnerability claimed it is remotely exploitable as Apple's Safari browser can be set to automatically open DMG files downloaded from external sources. The researcher claimed this can be prevented by changing the browser preferences and deactivating the functionality for opening "safe" files after downloading.

However, the US-CERT vulnerability note said the organisation was "currently unaware of a practical solution to this problem".

Editorial standards