
0010101

macrumors regular
Sep 24, 2006
141
0
I'm old school, I guess. I never let my OS just go ahead and execute and/or mount downloaded files.

It's a habit left over from the days when trying to mount or extract a file made your computer drag like hell, and if you had other applications open, it could result in corruption or mounting problems.

But this instance further proves my theory that OSX is just as capable of having flaws as any other OS; it's just that you don't have nearly as many eyes looking for them, or interested in exploiting them.

With Macs' increased popularity comes increased interest in such things.
 

vitaflo

macrumors member
Oct 10, 2005
30
0
They already locked part of this down earlier this year. You used to be able to add to the list of what is considered a "safe" file by editing a file in your preferences folder, however Apple took this ability away, and now it only opens a preset number of file types defined by Apple.

I was pretty PO'd when that happened. Allowing me to set my own file types was incredibly useful. And it's not like it's a simple task any normal user could do. Way to go Apple for trying to save me from myself. :mad:
 

theheyes

macrumors regular
Mar 8, 2006
218
0
Manchester
I can't believe that option (to automatically open "safe" downloaded files) even exists, never mind being on by default. Not in this age of malicious drive-by downloads.
 

Peace

Cancelled
Apr 1, 2005
19,546
4,556
Space The Only Frontier
This .dmg denial-of-service exploit looks to be blown WAY out of proportion.

For any DoS to occur, one has to have certain ports available via a web server or another port.

I tested this dmg file last night. It did cause a panic, but after turning off my connection to the internet and repairing permissions it could no longer do any damage.

I say overblown bunk.

just my opinion mind you :)
 

JonJ

macrumors newbie
Sep 30, 2006
11
0
Norway
There seems to be an element of resentment towards OS X among some of the Linux crowd because it's getting a lot of traction in, of all things, the Linux crowd. :) I suspect that has played a part in what bugs they've chosen to start off with.

First of all, GNU/Linux and FreeBSD have a huge market share in servers, and OS X doesn't, and I don't see any numbers that make me believe it is climbing rapidly in the server space. Secondly, I don't think the "Linux crowd" really cares for spreading FUD about OS X. Thirdly, they posted a hell of a lot of kernel bugs for FreeBSD and GNU/Linux also. So please stop telling lies about Linux users. I, for one, use FreeBSD, Linux and OS X on a regular basis.
 

matticus008

macrumors 68040
Jan 16, 2005
3,330
1
Bay Area, CA
Note, I'm not saying there's a lot of Mac spyware out there, just that our security is based too much on (in my opinion, unwarranted) trust.
Well, it's not unwarranted. Your view deals more directly with integrity than trust. It's a small, but important, distinction. If you're acquiring software from a known provider, be it Apple, Adobe, Versiontracker, or another relatively major source, you're entitled to have good faith that you'll be provided with an uncompromised product.

Any lapses in that product's integrity are not your fault, assuming you've taken appropriate care and followed general safety recommendations. When problems do happen, as long as the situation is remedied, there's no reason not to continue to trust "known" providers, assuming the problems remain isolated. The iPods were dealt with right away, and anyone running a Windows machine without AV software has failed to exercise their own due diligence in the process. That's not to excuse the event, but it is a salient detail in the strength of the gavel swing, as it were. It's not as though people operate with a one-strike policy with these sorts of things (otherwise, they'd have no computer at all).
 

Fairly

macrumors regular
Sep 24, 2006
160
0
Cambridge UK
Since some pages can even be written so that you don't even have to click on a link to download a file
This is correct. There are several ways to do this, the most accessible of which may be the 'meta refresh'. The 'protocol hole' POCs exploited this.
In order to mitigate the risk until Apple posts a patch, you should either use a browser other than Safari
This is incorrect. It has nothing to do with the browser. Anyone who can get a malicious DMG on your hard drive can do you harm. Remember: the Trojans brought the horse in.

If Apple would just have decent validation in place we'd be fine.
Would you be so kind as to design that validation system and accept full responsibility if it ever fails?
 

FFTT

macrumors 68030
Apr 17, 2004
2,952
1
A Stoned Throw From Ground Zero
First of all, no one should be running their daily tasks while logged on as administrator.

Your administrative account should only be used for installations and maintenance, period.

Unlike Windows, nothing can be installed on your system without the administrator's permission.

All your daily tasks should be run from your Secondary Super User Account, which allows you to use all your normal applications while preventing installation or removal of any application.

This is your most critical protection against security vulnerabilities.

Once again, the greatest risk to your security comes from downloading applications and other files from unknown sources.

Most users stick to LEGAL, recommended applications from known and trusted developers, so this is generally not a problem.
 

goosnarrggh

macrumors 68000
May 16, 2006
1,602
20
First of all, no one should be running their daily tasks while logged on as administrator.

Your administrative account should only be used for installations and maintenance, period.

Unlike Windows, nothing can be installed on your system without the administrator's permission.

But if we read the description of the vulnerability:
Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.
It appears to use the text "unprivileged users" to indicate that this exploit is one that can allow arbitrary code execution even if you haven't provided an administrator's password.

The point appears to be that malformed information within the .DMG header is causing unintended side-effects within the kernel process in charge of interpreting the .DMG files.

You typically don't need to provide any administrator password to mount a .DMG file, and various web browsers are configured by default to potentially allow web pages to silently download and attempt to mount them behind your back. That's the crux of this vulnerability.

Since the error happens before any application has had a chance to explicitly attempt to access Administrator privileged operations, the requirement to authenticate before granting access becomes moot.
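goosnarrggh's point above is that the kernel acts on lengths and offsets read from a .DMG header that any unprivileged mount hands it, and Fairly's earlier reply asks what "decent validation" of such a file would look like. As an added illustration (not code from this thread, from the MoKB project, or from Apple, and not a reconstruction of the specific parsing bug the advisory describes), the Python below bounds-checks the 512-byte "koly" trailer that closes a UDIF .dmg before anything would read through its offsets. The field layout used is my assumption from the public UDIF format; the sample images are constructed in memory.

```python
import struct

# Field offsets inside the 512-byte big-endian "koly" trailer that closes a UDIF
# .dmg. Assumed from the public UDIF layout; not taken from the thread or advisory.
KOLY_SIZE = 512
KOLY_MAGIC = b"koly"
OFF_DATA_FORK = 16   # running data fork offset, data fork offset, data fork length (3 x u64)
OFF_XML = 216        # XML plist offset, XML plist length (2 x u64)
OFF_SECTORS = 492    # sector count (u64)


class BadImage(ValueError):
    """Raised for any trailer field that cannot be trusted."""


def build_trailer(data_off, data_len, xml_off, xml_len, sectors, header_size=KOLY_SIZE):
    """Construct a koly trailer with only the fields this example checks populated;
    checksums, segment ID and the other fields are left zero."""
    buf = bytearray(KOLY_SIZE)
    struct.pack_into(">4sIII", buf, 0, KOLY_MAGIC, 4, header_size, 1)  # magic, version, size, flags
    struct.pack_into(">QQQ", buf, OFF_DATA_FORK, 0, data_off, data_len)
    struct.pack_into(">QQ", buf, OFF_XML, xml_off, xml_len)
    struct.pack_into(">Q", buf, OFF_SECTORS, sectors)
    return bytes(buf)


def validate_trailer(image):
    """Parse the trailer of an in-memory image and bounds-check every region it
    describes against the real file size. Returns the checked fields as a dict,
    or raises BadImage; nothing is ever read through an unchecked offset."""
    size = len(image)
    if size < KOLY_SIZE:
        raise BadImage("file too small to contain a koly trailer")
    koly = image[size - KOLY_SIZE:]
    magic, version, header_size, _flags = struct.unpack_from(">4sIII", koly, 0)
    if magic != KOLY_MAGIC:
        raise BadImage("koly signature missing")
    if version != 4 or header_size != KOLY_SIZE:
        raise BadImage("unsupported trailer version %d / size %d" % (version, header_size))
    _running, data_off, data_len = struct.unpack_from(">QQQ", koly, OFF_DATA_FORK)
    xml_off, xml_len = struct.unpack_from(">QQ", koly, OFF_XML)
    (sectors,) = struct.unpack_from(">Q", koly, OFF_SECTORS)

    body_end = size - KOLY_SIZE   # the trailer itself is not part of any fork
    for name, off, length in (("data fork", data_off, data_len), ("XML plist", xml_off, xml_len)):
        # Compare as "length > remaining" rather than "off + length > body_end":
        # in C the sum of two 64-bit fields can wrap around and pass the naive check.
        if off > body_end or length > body_end - off:
            raise BadImage("%s region offset=%d length=%d exceeds %d-byte image body"
                           % (name, off, length, body_end))
    if sectors > (1 << 55):   # sectors * 512 would no longer fit in 64 bits
        raise BadImage("sector count %d overflows a 64-bit byte size" % sectors)
    return {"data_fork": (data_off, data_len), "xml": (xml_off, xml_len), "sectors": sectors}


def make_sample_image(corrupt=False):
    """Constructed 4 KiB stand-in for a dmg body plus trailer. With corrupt=True the
    XML length is set so that offset + length wraps in 64-bit arithmetic, which is
    exactly the kind of header field a naive parser would trust."""
    body = bytes(4096)
    if corrupt:
        trailer = build_trailer(0, 3000, 3000, (1 << 64) - 1, 8)
    else:
        trailer = build_trailer(0, 3000, 3000, 1000, 8)
    return body + trailer


def is_well_formed(image):
    """Convenience wrapper: True if validate_trailer accepts the image."""
    try:
        validate_trailer(image)
        return True
    except BadImage:
        return False


if __name__ == "__main__":
    print("good image accepted:", is_well_formed(make_sample_image()))
    print("corrupt image accepted:", is_well_formed(make_sample_image(corrupt=True)))
```

The corrupt sample puts the XML plist at offset 3000 with a length of 2^64 - 1; a C check written as `off + len > body_end` wraps to 2999 and passes, while the "remaining bytes" form above rejects it. That ordering of the comparison, plus refusing to dereference anything before every region has been checked against the actual file length, is what a mount path that runs with kernel privileges on behalf of an unprivileged user has to get right.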
 

FFTT

macrumors 68030
Apr 17, 2004
2,952
1
A Stoned Throw From Ground Zero
You may be right, but this would be highly unusual.

You can drag install applications without the administrative password, but you still have to be logged on as administrator for that type of application installer.

I understand what you're saying that simply mounting the faulty disc image allows it to launch the code.

I'm not sure because any time I've ever received a corrupted .dmg it just won't open.
 

c.hilding

macrumors member
Jun 4, 2005
65
0
ABANDONED ACCOUNT
You may be right, but this would be highly unusual.

You can drag install applications without the administrative password, but you still have to be logged on as administrator for that type of application installer.

I understand what you're saying that simply mounting the faulty disc image allows it to launch the code.

I'm not sure because any time I've ever received a corrupted .dmg it just won't open.

He IS right, don't be ignorant, and stop saying "I don't think..." or "I doubt..." when the evidence and descriptions are available on the site that this article links to. Here it is again:
http://projects.info-pull.com/mokb/

The dmg exploit allows properly crafted corrupt .dmg files to execute any code with kernel privilege (even beats root access...) from any account.

By the way, there have been 4 new exploits since the article was posted. The total found by that project is now 7 Apple bugs that allow code to be executed by the kernel, disregarding any and all privileges.

I'm glad they are publishing the information instead of going directly to Apple with the report. Because apparently some of these exploits had already been reported to Apple long ago but were ignored or just partially fixed. So this is a great way to shake Apple and wake them up to the possibility that there are lots of dangerous exploits. A good start for Apple would be to start merging old security patches from FreeBSD with OSX. One (or was it two?) of these exploits were fixed 6 years ago in FreeBSD.


Best Regards
 