From the guys behind MoAB. Another example of the open source vulnerability danger in OS X. In the past, Apple has sometimes been slow to fix open source vulnerabilities in OSX.
Combine the slow reaction time with the complete silence from Apple on public vulnerabilities inherited from open-source projects and you end up with quite a mess.
If I were an OSX user, that would make me a little worried, to say the least. Is OSX vulnerable? Is it not? Is Apple working on the issue? Who knows...
Perhaps they should release an iSecurityUpdateBlog at next year's Macworld Expo.
--------------------------------------------
MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU), is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.
This issue is related to those published in the UFS code as part of the Month of Kernel Bugs, and the set of DMG flaws that couldn't make it to the MoKB schedule. As DMG encapsulates filesystem streams, most of the bugs existent in the FreeBSD kernel sources tree can be abused in Mac OS X's XNU via rogue DMG images.
This issue has been verified on Mac OS X 10.4.8 (8L2127) x86. Previous versions might be affected. FreeBSD 6.1 is affected as well.
The provided proof of concept will cause a so-called kernel panic due to allocation of a negative size buffer.
Note: Safari will do it automatically unless the 'Open safe files' option is disabled in your preferences (which is strongly recommended), allowing remote exploitation of this issue.
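The "allocation of a negative size buffer" failure mode, sketched as an added example (not code from MoAB, FreeBSD, or XNU): a size summed from fields read out of an untrusted image wraps negative in 32-bit signed arithmetic, next to a validated version. The `img_hdr` struct, its field names, and `MAX_SUMMARY_BYTES` are hypothetical and do not reflect the real UFS superblock or ffs_mountfs().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical on-disk header, NOT the real UFS superblock layout. */
struct img_hdr {
    int32_t summary_size; /* bytes of summary data, read from the image */
    int32_t group_count;  /* number of groups, read from the image */
};

#define MAX_SUMMARY_BYTES (16u * 1024u * 1024u) /* assumed policy limit */

/* Unchecked pattern: the value 32-bit signed arithmetic wraps to.
 * Computed in unsigned math so the demonstration itself has no UB. */
int32_t unchecked_size(const struct img_hdr *h)
{
    uint32_t u = (uint32_t)h->summary_size
               + (uint32_t)h->group_count * (uint32_t)sizeof(int32_t);
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN; /* two's complement view */
}

/* Hardened pattern: reject negative fields, widen, then bound the total.
 * Returns 0 and stores the size on success, -1 if the header is rejected. */
int checked_size(const struct img_hdr *h, size_t *out)
{
    if (h->summary_size < 0 || h->group_count < 0)
        return -1;
    uint64_t total = (uint64_t)h->summary_size
                   + (uint64_t)h->group_count * sizeof(int32_t);
    if (total == 0 || total > MAX_SUMMARY_BYTES)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    struct img_hdr bad = { 0x7ffffff0, 0x10 }; /* constructed sample values */
    size_t n = 0;
    printf("unchecked: %d\n", (int)unchecked_size(&bad));
    printf("checked:   %s\n", checked_size(&bad, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```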