A security researcher who goes by the initials “LMH” has published attack code for an unpatched flaw in Mac OS X.
Although the popular knowledge is that Mac OS X is a much more secure operating system than it’s rival Windows, it looks like the feeling of security that Mac users were used to is now seriously damaged by a critical flaw.
The flow exploits a security hole in the way Mac OS X handels disk image files. “Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users,” wrote the LMH on a blog devoted to the “Month of Kernel Bugs” campaign.
“This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for opening ‘safe’ files after downloading,” LMH continued.
The Danish security researcher Secunia, has rated the currently unpatched Mac OS X flaw as highly critical, due to the fact that it can be used by a remote user to gain control of an affected system. The exploit could also be used by local users to gain higher privileges over the system.
Apple has yet to comment on this exploit.
The Month of Kernel Bugs campaign was initiated by independent security researchers and targets flaws in operating system (OS) kernels. The researchers plan to release one new exploit targeting an unpatched flaw in an OS kernel each day of November.