Can someone translate this for the layman?
Is this only relevant for people who use Safari? [...] Camino (Open safe files).
There seems to be an element of resentment towards OS X among some of the Linux crowd because it's getting a lot of traction in, of all things, the Linux crowd. I suspect that has played a part in what bugs they've chosen to start off with.
Well, it's not unwarranted. Your view deals more directly with integrity than trust. It's a small, but important, distinction. If you're acquiring software from a known provider, be it Apple, Adobe, Versiontracker, or another relatively major source, you're entitled to have good faith that you'll be provided with an uncompromised product.
Note, I'm not saying there's a lot of Mac spyware out there, just that our security is based too much on (in my opinion, unwarranted) trust.
This is correct. There are several ways to do this, the most accessible of which may be the 'meta refresh'. The 'protocol hole' POCs exploited this.
Since some pages can even be written so that you don't even have to click on a link to download a file
This is incorrect. It has nothing to do with the browser. Anyone who can get a malicious DMG on your hard drive can do you harm. Remember: the Trojans brought the horse in.
In order to mitigate the risk until Apple posts a patch, you should either use another browser other than Safari
Would you be so kind as to design that validation system and accept full responsibility if it ever fails?
If Apple would just have decent validation in place we'd be fine.
First of all, no one should be running their daily tasks while logged on as administrator.
Your administrative account should only be used for installations and maintenance, period.
Unlike Windows, nothing can be installed on your system without the administrator's permission.
It appears to use the text "unprivileged users" to indicate that this exploit is one that can allow arbitrary code execution even if you haven't provided an administrator's password.
Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.
You may be right, but this would be highly unusual.
You can drag install applications without the administrative password,
but you still have to be logged on as administrator for that type
of application installer.
I understand what you're saying that simply mounting the faulty disc image
allows it to launch the code.
I'm not sure because any time I've ever received a corrupted .dmg
it just won't open.