OS X Vulnerability: Disk Images

Table of Contents

MacSlash reports that corrupted .DMG files can be used to run arbitrary code on OS X. The Month of Kernel Bugs project has just proof of concept, where they tested this on an up-to-date installation of OS X on an Intel-powered production Mac.

Corrupt .dmg files are not properly processed by the kernel driver responsible for mounting them. They’ve posted a sample .dmg that causes a panic but the author of the report claims that arbitrary code execution is possible. Based on the debug output, that’s a credible claim. There’s no word on whether Apple has responded to this bug. To avoid this bug until Apple squashes it, be very careful where you get your .dmg files. And if you use Safari, don’t let it open “safe” files after downloading.

If you follow the MOKB link above, you can even download a disk image so you can reproduce the bug on your Mac.

Disclaimer: Please note that some of the links in this article may be Amazon affiliate links. This means that if you make a purchase through those links, we may earn a commission at no extra cost to you. This helps support our website and allows us to continue providing informative content about Apple products. Thank you for your support!

Leave a Reply

Your email address will not be published. Required fields are marked *

Share the Post:

Related Posts