November 21, 2006 2:17 PM PST
Attack code targets zero-day Mac OS X flaw
The proof-of-concept code exploits a security hole in the way Apple Computer's operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.
"Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users," wrote the researcher, who goes by the initials "LMH."
The vulnerability could be exploited remotely, as Apple's Safari Web browser loads DMG files from external sources, such as one found while visiting a URL, LMH wrote. That could let an outsider compromise a system.
Secunia rated the vulnerability as "highly critical" in an advisory on its Web site on Tuesday. In addition to being used to compromise a computer, the flaw could be exploited by malicious local users to gain escalated privileges to the system, the security company said.
Apple representatives did not respond to a request for comment.
In the blog, researcher LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading."
Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.

BUT IT REQUIRES A LOCAL ACCOUNT ON THE MACHINE.
Please get a clue and publish some truth, cnet. We're all getting
tired of your fictitious shock-and-awe reporting. Let's hear some
facts for a change.
(not saying it isn't still in use). The current system is OS X.
clueless as this article is.
... the only thing that shocks me here, is the ineptness in the
reporting of a bad disk image as an actual flaw in the operating
system.
To be fair. The author may not understand exactly what a disk
image file is.
happen to run my business and develop exclusively on a G4 and
happen to love every minute of it.
Well, except when the spinning beach ball won't go away, but
other than that everything is awesome. Now you let me down
not only as a company but as a technology leader. How the hell
can you sleep at night knowing that you shut off the phones to
offer an explanation?
Wait, I know why! To offer an explanation of diligence would
warrant a fix of some kind. Maybe a fix that you can't offer. So
this leaves me to wonder, as it should the world that uses
Apple's products:
If Apple ignores our security needs like this, why should we
consider them at all?
A question all should be asking themselves, including you Steve
Jobs. After all, we're ALL human!
J Gund
Tech01
suspect files is *always* going to be fraught with hazard,
You, the user, are in control of this aspect of security.
against thousands of real threats to worry about exploit code.
concerned. But honestly, do we have to start nicknaming a proof
of concept vulnerability when it hasn't even hit mainstream yet?
If we can even call it a vulnerability.
As far as I know the Mac hasn't lost anyone's money, or for that
matter lost anyone's I.D., to date. I haven't heard any Mac users,
at my work, complain about system problems or crashing. When
I see Mac users around my office they're almost always quiet and
busy working with nothing more than a cough coming from that
area. I wish I could say the same about the rest of the company,
but I digress. But it's unfortunate these types of articles have to
exploit a virus that's proof-of-concept only (or even if it is a
virus), as it would almost certainly deter some switchers from
switching.
I use both a Windows machine and a brand spanking new
MacBook (that runs everything), the only issue I have with the
Mac OS is it really doesn't allot memory to certain tasks or appz
very well, other than that it's pretty rock solid.
might try Apple's forums.
What I can do to get rid of this vulnerability is to restart my Mac on
the XP side of bootcamp and I'll be safe.
Thanks for nothing.
is to break into things? Are there researchers out there publishing
how to pick the locks or overcoming the alarm on my home?
WRONG!!! There are more vulnerabilities for the Mac than for Windows and Linux together.
It IS true that the vast majority of ATTACKS happen on Windows (for obvious reasons) but the fact that the article writer confuses vulnerabilities with attacks doesn't give me much confidence in the article.
Windows and OS X down to the level necessary to truly
understand this stuff. And I suspect most of the people posting
here also lack this knowledge.
I do know this though. There has never been a significant
security exploit on OS X, and there have been quite a few on
Windows. If security is a concern for you, then that is a reason to
buy a Mac.
Are Macs invulnerable? No. Will they always be free of viruses
and security exploits? Probably Not. Is security something you
currently need to worry about on a Mac? No. Is security
something you will need to worry about in the future on a Mac? I
doubt it. While OS X is not likely to retain a 100% success rate
forever, it will very likely remain much more secure than
Windows for the foreseeable future.
VXers!
they usually look at me like I was at their front door with a bible
and some pamphlets, and you lot are the reason why. Most of
the reasons posted for discounting this "hole" show that the
posters really didn't understand the article, consider the facts, or
click the link to the rest of the story. Someone wrote something
less than flattering about an Apple product, and in come the
Fanboys with their canned rhetoric to drown out the discussion,
not with facts, but with sheer volume. For example...
---"Yeah, a corrupt disk image is bad.
BUT IT REQUIRES A LOCAL ACCOUNT ON THE MACHINE."---
What's your point? That it won't work if no user is logged in?
You can stare at the log in screen all day if you want, but I like to
log in and use my computer. Do you have some way of using
yours without logging into a local account? If you do, we all
want to know how you do it.
---"... the cnet folks may actually be so clueless as to believe
that it is a remote exploit just because the data involved can be
pulled over the network. In which case, all attacks on earth
would be considered "remote"."---
Consider the possibility of using the "corrupt DMG" as a trojan
horse, to install code that allows me to own your computer. I
put the file on my website, and you download it, thinking it's
nude desktops of Steve. When you open it, I own your computer
without ever sitting in front of it. That's a remote exploit.
---"Safari automatically opening files was an issue a LONG time
ago. The default setting for Safari for several years has been to
NOT automatically decode files!"---
All an attacker needs to do is get you to download it. If you'll
download it, you'll open it. Safari not required. Do you have any
idea how easy it is to get huge numbers of people to download
something?
---"Besides, what's the worst that can happen? The system
crashes. Period."---
From the article - "... leading to an exploitable memory
corruption condition with potential kernel-mode arbitrary code
execution by unprivileged users," wrote the researcher, who
goes by the initials "LMH.""
What's worse than the system crashing? Code execution by
unprivileged users.
Do you have some reason to believe that LMH is wrong about
the corruption being exploitable? That would be helpful, and a
valid objection to the article, but you didn't mention it.
---"To be fair. The author may not understand exactly what a
disk image file is."---
Do you understand what a stack overflow is? Are you saying
that a "corrupt" DMG file can't cause one? Are you saying that
memory corruption can't be exploited in OSX? That would be
useful information, if you can back it up, and a valid objection to
the article, but you didn't mention it.
Please stop defending Apple and my favorite OS. It is way more
secure than Microsoft's products, but it's not perfect. It's a
known fact that the most insecure component of any system is a
loose nut behind the keyboard. Based on that, the more you
Fanboys post, the more insecure OSX looks.
I don't know how serious this "hole" will turn out to be. Reports
like this have been popping up ever since OSX was released, but
there are still no serious threats to Mac OSX in the wild.
I know two things. I have no proof that it's not true, and the
Fanboys have offered no proof that it's not true.
In my opinion the headline "Attack code targets zero-day Mac
OS flaw" is a bit over the top, but the point of a headline is to
grab your attention, so it's to be expected that headlines are
sometimes like that.
Fanboys,
When it comes to making Mac Users look bad, you are worse
than the critics. Stop helping!
CBWolf, I agree except for one point. Security IS something Mac
OSX users need to worry about. There is more to security than
code exploits.
Lampie The Clown
voice shouting with a raging storm overhead.
A disk image file, to the user, is the same as inserting a CD, or
connecting to another drive, except that it is done in memory.
These files are not automatically opened, to my knowledge at all.
You have to download it, and it still will do nothing because the
operating system will request your permission to do so. If it
contains an executable, it will ask you again before opening it.
I, as many others here, fail to see this as an exploitable security
issue. It is not an automatic, secret method to download/
install/run ANY kind of code.
If I create a CD, with an auto-run feature, on pre-Vista Windows,
it will execute. On OSX it will not unless I allow it. I can create
any type of program I want to auto-run. There is nothing wrong
with this, and nothing that disallows it. It is an extremely
useful method. Just like about everything else in the world,
someone could create a program to perform a malicious act.
It is not usual for a Mac user to go out and download, and install
from "unknown" or "mysterious" disk images. That would be
stupid, so they/we don't. No more than PC users will take a
mysterious CD image, or physical disk, then load and install it
either.
The story here is bogus, as so many have already tried to
explain. I wish some of you would just show a little bit more
intelligence. This goes for the author of this story as well. I
especially love the catchy title, even though it is B.S.
opening it."---
If you open a DMG that is designed to corrupt the memory stack,
it won't ask you anything. The concept is that just opening the
disk image will corrupt the memory. Once the stack is corrupt,
the author can direct the kernel to read and run any code they
wish, at the root level, without permission, and without you
knowing.
You can check this by clicking the link in the article, going to the
blog, and downloading an example of the exploit. If you are
right, you will get a pop up window when you try to mount the
DMG. If LMH is right, your computer will probably crash. The
question is, what code did LMH direct the kernel to run before
the crash?
So how confident are you in your opinion? I tried it on a test
machine, and know what happens. Post what happens when you
open the DMG here after you try it, unless you're not confident
enough in OSX to protect against such bogus threats. By the
way, there is no install, executable, or autorun, just mount the
DMG and see what files are inside. It's no different than
inserting a CD or connecting another drive, right?
Looking forward to your answer.
Lampie
More "National Enquirer" headlines from CNET..
by imacpwr
November 21, 2006 11:50 PM PST
CNET Quote: "Vulnerabilities in the Mac OS have been rising,
leading some experts to note that the Macintosh platform is not
impervious to security problems."
And the ONLY OS that IS impervious to security problems
is......????
I thought so..
Come on CNET, let's keep things in perspective. The Mac with a
half dozen or so security problems to Windows' hundreds of
thousands. If you're now going to label the Mac as "impervious
to security problems" then you need to openly label Windows as
a "MAJOR SECURITY RISK" and advise readers to avoid Microsoft
products at all costs..!!