Mac OS X Vulnerable To Unpatched Bugs
On Monday, the "Month of Kernel Bugs" project, a month-long disclosure of operating system flaws, announced that a bug in Mac OS X's processing of DMG files -- disk images typically used to distribute software for the Mac -- could be exploited to crash a target machine. There was also the possibility that attackers could introduce additional malicious code to the compromised system to, for example, snatch control from its legitimate user.
Tuesday, the kernel bug campaign posted another Mac OS X flaw; the second bug, which also can be exploited via a malformed DMG file, involves how the operating system handles bad sectors in a disk image. A crash would be the likely result, said the online description of the flaw.
The bugs are more serious than other Mac vulnerabilities made public recently, said Symantec's Oliver Friedrichs, the director of the Cupertino, Calif., security company's security response team. "This is likely more serious because it is exploitable through the Safari browser," said Friedrichs. "Whenever there's a vulnerability in the browser [hackers] exploit it rather quickly."
Mac users running Apple's Safari Web browser are in danger because by default the application will automatically open any downloaded DMG file. Attackers would need to entice users to a malicious Web site and convince them to download a file, however.
Danish bug tracker Secunia rated the Monday vulnerability as "Highly critical," but Friedrichs didn't think there was much cause for alarm. "We're seeing more Mac vulnerabilities, but we don't yet see active exploits. Mac users still have the luxury of not being targeted by hackers."
That pattern is often cited by Mac defenders, who admit the operating system has vulnerabilities. But they note that attackers rarely follow up with actual in-the-wild threats.
Friedrichs agreed with that position, but reminded Mac users that an exploit could appear at any time. "Mac users have a false sense of security," he said. "There's no guarantee that this will not be exploited, or even seen in targeted attacks."
Safari users can protect themselves by disabling the automatic opening of downloaded files. To turn off the features, users should select File|Preferences, then under the General tab clear the box marked "Open 'safe' files after downloading".