Mac exploit code published

Security researchers have warned that exploit code has been released for a 'zero-day' hole in Mac OS X.


Exploit code for a "highly critical" flaw in Apple's operating system, Mac OS X, has been published on the Net, security experts have warned.

The code, which exploits an unpatched bug in the way Apple's Mac operating system handles DMG image structures, could be used to carry out serious attacks by taking advantage of the way Safari handles DMG disk images.

US-CERT, Secunia and others have warned this could allow someone to run malicious code in kernel mode.

The code was published by a researcher known as LMH as part of the Month of Kernel Bugs (MoKB) project, which is aiming to publish a bug every day during November for the purposes of testing kernel code strength and quality.

"MoKB's goal was (and currently is) checking how many unreported and unknown issues can be found in kernel code out there, using simple, yet effective tools deploying techniques such as fuzzing and 'stress testing'," the project's organisers said on the MoKB site.

The problem is with OS X's component, which doesn't properly handle corrupted DMG image structures, LMH wrote in the MoKB advisory. The bug could lead to an exploitable memory condition that could allow unprivileged users to execute code in kernel mode, the advisory said.

"This issue is remotely exploitable, as Safari loads DMG files from external sources (for example visiting a URL)," the advisory said. "This can be prevented by changing the Preferences and deactivating the functionality for 'opening "safe" files after downloading'."

The bug was successfully tested on an up-to-date installation of Mac OS X as of Monday, running on an Intel-based Mac, the researcher said. The advisory includes code that can be used to test the exploit - or could be used to build a functioning attack against Mac OS X. Secunia has given the bug its top "highly critical" rating.

LMH also posted exploit code for a relatively benign denial-of-service bug in OS X on Wednesday. As of Thursday, the bug hadn't yet been patched by Apple.

Security researchers have warned of the escalating threat to OS X users in recent months, as the operating system has gained market share. However, security experts admit that while researchers are turning up an increasing number of OS X bugs, attacks aimed at invading Mac systems have remained rare so far, due to the operating system's tiny installed base relative to Windows.

"Recommended For You"

Month of bugs targets QuickTime Apple patches critical hole in QuickTime