Advertisement
Promo

Security threats Toolkit

US Government warns of Apple flaw

Tom Espiner ZDNet.co.uk

Published: 24 Nov 2006 17:01 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The US Government has added its weight to warnings about a vulnerability in Apple's Mac OS X.

The US computer emergency response team, US-CERT, issued an alert on Thursday, reporting a failure in the way OS X handles corrupted disk image files for Macs using the DMG format. CNET News.com first reported the vulnerability on Tuesday.

A disk image is a digital representation of the contents and structure of a storage device such as a CD or DVD. According to US-CERT, the vulnerability in OS X may allow an attacker using malformed DMG files to corrupt system memory in a way that could allow arbitrary code execution or cause a denial of service.

The news of the vulnerability has caused fierce debate among Mac supporters and detractors. Various News.com readers were incensed that the vulnerability had been reported as remotely exploitable, reasoning that to download a DMG file would require user interaction.

The researcher who found the vulnerability claimed it is remotely exploitable as Apple's Safari browser can be set to automatically open DMG files downloaded from external sources. The researcher claimed this can be prevented by changing the browser preferences and deactivating the functionality for opening "safe" files after downloading.

However, the US-CERT vulnerability note said the organisation was "currently unaware of a practical solution to this problem".

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
377 out of 492 people found this useful


Talkback

Post a comment


Full Talkback thread

7 comments

  1. oh please... moofer
  2. MS & Security Companies dream of corrupt OS X mbookmeyer
  3. Another ZDNET anti-Apple drama... longmover
  4. In total agreement of over zealous reporting 1000270967
  5. In our defence Graeme Wearden
  6. My main beef with reporting by Zdne... 1000270967
  7. Thanks for the feedback longmover

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

2nd / 3rd Line IT Support Engineer / Network Engineer

Application Support (financial support)

Project Manager / Technical Account Manager - Bedfordshire 45k+bens

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters