OS X Vulnerability: Disk Images

Table of Contents

MacSlash reports that corrupted .DMG files can be used to run arbitrary code on OS X. The Month of Kernel Bugs project has just proof of concept, where they tested this on an up-to-date installation of OS X on an Intel-powered production Mac.

Corrupt .dmg files are not properly processed by the kernel driver responsible for mounting them. They’ve posted a sample .dmg that causes a panic but the author of the report claims that arbitrary code execution is possible. Based on the debug output, that’s a credible claim. There’s no word on whether Apple has responded to this bug. To avoid this bug until Apple squashes it, be very careful where you get your .dmg files. And if you use Safari, don’t let it open “safe” files after downloading.

If you follow the MOKB link above, you can even download a disk image so you can reproduce the bug on your Mac.

Picture of Kokou Adzo

Kokou Adzo

Kokou Adzo is a stalwart in the tech journalism community, has been chronicling the ever-evolving world of Apple products and innovations for over a decade. As a Senior Author at Apple Gazette, Kokou combines a deep passion for technology with an innate ability to translate complex tech jargon into relatable insights for everyday users.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts