Security firm Secunia Validates MoKB Zero Day OS X Exploit

Rating it "Critical", Secunia has validated the exploit, originally posted by LMH via MoKB (Month of Kernel Bugs). "This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for 'opening "safe" files after downloading'."

LMH has reported a vulnerability in Mac OS X, which potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in com.apple.AppleDiskImageController when handling corrupted DMG image structures. This can be exploited to cause a memory corruption and may allow execution of arbitrary code in kernel-mode.

The vulnerability is reported in a fully patched Mac OS X (2006-11-20). Other versions may also be affected.

News source: Secunia
News source: MoKB Submission

Report a problem with article
Previous Story

Microsoft didn't create "Zune"

Next Story

Windows Vista Custom PC Design

59 Comments

Commenting is disabled on this article.

Security is largely based, on the architecture of an OS, because of its careful and modulair design and integrated security, OSX users only depent on Apple for security. Thus writing a virus for OSX is extremely difficult and takes too much time and effort. Before any remotely succesful attempt has been made Apple will have provided a patch. I firmly believe that this is the main reason why there has not been any succesful exploits for OSX: it simply is too difficult to create an exploit for the few recently discovered issues which are not patched yet and it is 'too easy' for Apple to correct these. 5 Years without any succeful exploit; this can not be a co-incidence.

A 'Don't worry, be happy' mac-user.

I think I'm still way safer than Windows users because there's only 2 viruses for the Mac which don't do a lot, and there aren't many ways to attack a Mac because it's UNIX-BASED (that is, if you compare to WinXP and vista, of course... because yes, there ARE many ways to attack a mac............) Sooooo, I'm safer here than I've never been on my old Windows machine. Thanks secunia for your hard work discovering issues in the Mac, I'm glad you exist, you help Apple making better products. Apple will fix it soon I hope and I will be protected again. End of the discussion.

Quote - PsykX said @ #18
I think I'm still way safer than Windows users because there's only 2 viruses for the Mac which don't do a lot, and there aren't many ways to attack a Mac because it's UNIX-BASED (that is, if you compare to WinXP and vista, of course... because yes, there ARE many ways to attack a mac............) Sooooo, I'm safer here than I've never been on my old Windows machine. Thanks secunia for your hard work discovering issues in the Mac, I'm glad you exist, you help Apple making better products. Apple will fix it soon I hope and I will be protected again. End of the discussion.

Well using your logic, there are Zero viruses or exploits for Windows Vista, so it would be far safer than OSX?

Existence and potential are two different things. (Like energy, it is the difference between a hydrogen molecule and an Atomic explosion.)

Just because less viruses and exploits are availble for an OS doesn't mean a massive attack could still not happen if there is potential. And sadly, Mac is not secure because it is designed better than other OSes, it is Secure because it less people are trying to split an hydrogen atom for it.

As a proof of example: Windows NT was considered to be 'virus resistent' (yes the same core that is running WindowsXP and Vista.) However this was back in 1992-1996, and even though it 'was' more secure than most OSes, it was not fool proof, as hackers over the years have demonstrated. It just was not in wide use, and the current exploits and viruses of the time failed on it because they didn't try to circumvent the security in NT. Back in 1995 it was considered silly by many IT professionals to run Anti-Virus software on NT, and they were respected viewpoints then. Today they would be laughed out of their jobs.

So good luck with the whole 'belief' that OSX 'is' more secure or will stay virus free.

Since there were no viruses before, no it's most likely not gonna stay virus free, unless Apple manages to do a big security improvement in the next OS. But I remember that in the code of one of those viruses, the write commented "so much time for such a small virus...". I think it means everything.

Okay, Vista is recent and OS X is not. Yes, Vista right now is more secure than OS X, I don't know why I said the opposite. But security changes along the time, not only because their creators update it, but because it gets old and people get more used to the way it's coded. That is the problem with OS X. There is 6% of the population that gets used to the way it's coded, while 90% get used to Windows, so there's a factor of 90/6=15. Windows should be 15 times more subject to attacks than OS X at this current moment. Things change every day though, the more people are gonna switch, the more OS X haters will like to write code and learn about the flaws, the less OS X will be secure.

I'm still standing on the fact that it's UNIX-based and that apple updates security regularly and that the basis is quite secure already. Look at safari 3 in leopard, there's so many security improvments that's gonna help fight against malicious code.

Yes, right now Vista is more secure than OS X because there's nothing for it. Things will change and because I think OS X is more secure, I am sure that the graphics malicious code / time will continue to be more stable on OS X, while on Vista, it's gonna go up and up and up. Less than XP - don't get me wrong. It's far more secure.

Btw, anti-viruses are bad, not because it protects you (duh..) but because it slows down your whole system, and eventually your hard disk (if you have one). So if OS X manages to stay almost virus-free, it's gonna be a big step forward. They still have a long way to do, but the basics are set and they're strong IMO.

I know I did an arrogant comment in the first place and it looked like an Apple zealot. Well yes I am one, but sometimes I like to argue intelligently, not like in the first post.

Well good thing there aren't any morons using computers then.... :rolleyes:

the majority of exploits can only be exploited due to morons settign stupid settings and stuff on their computers, no matter what the OSis... yet still... thousands of these happen all the time... Face it, the majority of computer users, of any OS are morons.

And well.. they are surely morons when it's an option activated by default (i didn't check my macos so it may disabled by default) and they have no ideas whatsoever what it would imply ? :D... You can argue whatever you want (morons or not) but as people drive cars but don't know how the engine is built... the same applies to people using computers (the majority !)

It's enabled by default. I disabled it because I like to open my downloads when I'm ready to, not due to any security restrictions. Get your downloads from trusted sources (Sourceforge, Macupdate, etc.) and you won't have anything to worry about.

Quote - Syphonic said @ #13
Only a moron has 'Open safe files after downloading' enabled anyway.

Are you forgetting that Mac's marketing pushes the 'no-fuss, don't worry about me, I'm a secure computer' mentality?

Sure smart IT people won't be hit by this, but that is not the majority of the Mac base...

Unless it can be exploited remotely, it's not all that useful to anyone, really... And it still seems like their security model is sound, except for this bug.

I mean, I trust most people who have local access to my computer (which is me and *gasp* sysadmin)

Quote - CheeseCow said @ #11
Unless it can be exploited remotely, it's not all that useful to anyone, really... And it still seems like their security model is sound, except for this bug.

I mean, I trust most people who have local access to my computer (which is me and *gasp* sysadmin)

Read the articles on this. IT CAN BE EXPLOITED REMOTELY and even CIRCUMVENT system security, as it corrupts memory at an elevated level.

Just 'browsing' to a web site with the exploit could infect your computer with an elevated virus.

They'll never patch it.

They'll deny it's there ignoring it.
and after the exploit is gone isn some future patch, they'll deny there ever was an exploit and they certainly didn't patch any such non existing exploit.

Quote - markjensen said @ #9.2
And your basis for this opinion of your is what?

Certainly not historical statistical data that one can readily compare!
Apple: 5% of Secunia advisories unpatched
Microsoft: 18% of Secunia advisories unpatched

Although your links for Secunia are accurate. What the above poster says does have merit. In the System 8.x and System 9.x days, patches were issued that fixed bugs and exploits that Apple would never confirm existed.

In OSX, they also have made several updates that have patches 'mixed' into the update that they never acknowledge was a problem or was fixed in the update.

So Secunia data would be correct, as Apple 'did' patch the exploits, but they never would confirm they were exploits or existed, nor did they list them in the patch that corrected them.

So as the above poster suggested, they would sweep them under the carpet and prentend there were never there, he didn't say they wouldn't 'ever' fix it, but made a funny reference to what they have done in the past by patching things and not acknowledging the exploit or that they patched it.

Definitely:

http://blogs.technet.com/security/archive/...ity-trends.aspx

Check out the "Figures 7a and 7b: Platform vulnerabilities by percentage and by count thru September"...

I am not saying that it is brand new information but it puts it into light: that time for OS X is alredy here. Apple is still enjoying the remaining "it is much more secure" sentiment but as time goes on, it will wear off as more and more people learn to live with the reality.

:yawn:
Normally, I hear "OSX is more secure than Windows". And there are certainly less exploits for it.

The only ones I ever hear say "infallible" are pathetic trolls... Now, go away until you learn to discuss things reasonably.

Sarcasm, my friend, is generally lost in pure text.

However, obnoxious can often be found in all upper-case posts that state absurdly extreme viewpoints.

I'm not sure if the fact that OS X is more secure is just because it's OS X or because it's UNIX-based, or both. Of course there are still exploits though... OS X haters always use bad sarcasm against it..

I don't think i have ever seen a Mac user say OS X is "infallible", actually, the only people i have seen say it, are users of other OS's trying to be funny, but failing.

Quote - PsykX said @ #1.4
I'm not sure if the fact that OS X is more secure is just because it's OS X or because it's UNIX-based, or both. Of course there are still exploits though... OS X haters always use bad sarcasm against it..

Is OSX more secure or less exploited due to how small it's market share is??

Quote - trip21 said @ #1.6
Is OSX more secure or less exploited due to how small it's market share is??
Having a smaller marketshare definitely means that it is a smaller target.

However, some like to draw the conclusion from that if OSX marketshare was 90%, like Windows, then it would be just as exploited as Windows. And that is something that no one can be sure of, because software problems/exploits aren't driven by marketshare.

Plus, looking at it, either way you look at it (whether Unix-based security and better default settings, or marketshare) currently OSX is a lot better off security wise. And I look forward to a time when there is more than one OS that people consider when buying a PC. Microsoft needs competition from someone so they can keep on their toes and not become lazy.

Quote - wicker_man said @ #1.7

Clearly, Kushan is a moron without a bit of common understanding. The only thing he could afford is to pirate a copy of XP, as he doesn't have money to buy a Mac or knowledge to use Linux. Now, he can use CAPSLOCK proficiently, that's for sure. Just ignore the troll.

Actually he was being sarcastic, wasn't that hard to understand really, especially how he was so way over the top about it.

YOU however are being a troll. and a belittering insulting one at that. but I guess it helps to make yrouself seem just a little bit better than anyone else.


And for the record, yes I have hear Mac users claimthe infallibility of MacOS frequently. especially ion discussion regarding how MacOS don't get attack ebcause of the small target group and such, you frequently get the "No it's just not possible to write viruses/worms/exploits for Mac" group of people.

Quote - markjensen said @ #1.1
:yawn:
Normally, I hear "OSX is more secure than Windows". And there are certainly less exploits for it.

The only ones I ever hear say "infallible" are pathetic trolls... Now, go away until you learn to discuss things reasonably.

HAH!

The source of all the comments about INFALLIBLE security on OS/X comes straight from Apple and their bull**** ads.

Quote - hapbt said @ #1.9
HAH!

The source of all the comments about INFALLIBLE security on OS/X comes straight from Apple and their bull**** ads.

No need to resort to swearing. It indicates a lack of reasoning ability, or lack of control over one's personal emotions in a logical discussion. Plus bypassing the swear filter here (with your clever substitution of the exclamation point for the letter "i" ) is against the rules here. Although I suspect that you already knew this. ;)

I take it you are referring to the "Viruses" ad? http://movies.apple.com/movies/us/apple/ge...ses_480x376.mov

Perhaps you can point to where they mention infallible security? I don't think you can, since they don't. They clearly point out the estimated number of viruses for PCs. Maybe you twist that around in your head in such a way that you think Apple says they are "infallible"? If so, I truly feel sorry for your ability to comprehend and think critically.

Quote - HawkMan said @ #1.8

Actually he was being sarcastic, wasn't that hard to understand really, especially how he was so way over the top about it.

YOU however are being a troll. and a belittering insulting one at that. but I guess it helps to make yrouself seem just a little bit better than anyone else.


And for the record, yes I have hear Mac users claimthe infallibility of MacOS frequently. especially ion discussion regarding how MacOS don't get attack ebcause of the small target group and such, you frequently get the "No it's just not possible to write viruses/worms/exploits for Mac" group of people.


Of course I am a troll, for what do I know, eh? I can say the same thing about those Mac users claiming infallibility of MacOS X, and POSTING JUNK LIKE THAT is a sign of the lack of online etiquette - as Mark said, 'obnoxious can often be found in all upper-case posts that state absurdly extreme viewpoints'. So whatever appeals to you, kind sir.