OS X Vulnerability: Disk Images


MacSlash reports that corrupted .DMG files can be used to run arbitrary code on OS X. The Month of Kernel Bugs project has just posted a proof of concept, which they tested on an up-to-date installation of OS X on an Intel-powered production Mac.

Corrupt .dmg files are not properly processed by the kernel driver responsible for mounting them. They’ve posted a sample .dmg that causes a kernel panic, but the author of the report claims that arbitrary code execution is possible. Based on the debug output, that’s a credible claim. There’s no word on whether Apple has responded to this bug. To avoid this bug until Apple squashes it, be very careful where you get your .dmg files. And if you use Safari, don’t let it open “safe” files after downloading, so that a downloaded disk image is not opened automatically.

If you follow the MOKB link above, you can even download a disk image so you can reproduce the bug on your Mac.


Apple Gazette Team