Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mac OS X Apple UDIF Disk Image Kernel Memory Corruption
A vulnerability has been reported in the way OS X handles corrupt DMG images. This would typically be a local user exploit for privilege escalation. The exception here would be that it could also be exploited remotely via the Safari web browser. A lot of  OS X binaries can arrive as DMG files. They are complete file systems, and are automounted in a default configuration. A corrupted DMG file would then compromise the system and allow for arbitrary code execution. This new vulnerability and the PoC is brought to you by the Month of Kernel Bugs (MoKB) and the number 10.

Mitigation: There currently is no vendor patch for this vulnerability. To reduce the risk of remote compromise reconfigure Safari and be careful with DMG files from untrusted or unknown sources. For Safari disable opening "safe" files after downloading. Tutorial on how and why to do so can be found here.

Secunia advisory can be found here

Adrien de Beaupre

Adrien de Beaupre

353 Posts
ISC Handler
Nov 22nd 2006

Sign Up for Free or Log In to start participating in the conversation!