.DMG “Hack” Debunked

Yet another day, and yet another over-hyped Mac security vulnerability. Alastair’s Place trashes the current flavor of the week, the .DMG “exploit.” They disassembled the code of this terrible exploit and found the following…

So, what have we learned:

1. It is not a memory overwrite bug.
2. It is not exploitable, except in that you can kernel panic a machine if you can persuade a user to double-click a damaged dmg file.
3. It is not, therefore, possible to use this bug for privilege elevation or to execute arbitrary code in the kernel.

In fact, all lmh has found here is a bug that causes a kernel panic. Not a security flaw. Not a memory corruption bug. Just a completely orderly kernel panic. There aren’t even any processor exceptions involved; the path to the panic is perfectly normal non-exceptional code using ordinary function calls. (All of the preceding notwithstanding, you should still turn off Safari’s “Open ‘safe’ files after downloading” option; that way, you can’t be tricked into clicking a link that could kernel panic your machine, or indeed fall foul of any other problems with the algorithm that determines how safe a file might be.)

Go ahead and read the whole post if you understand code. Me? I’m not a programmer, but I’ll take the word of someone who is. For laymen… The bug is nothing… All the folks trying to equate Windows to the Mac every time a new “bug,” “hack,” or “exploit” is pushed forward can go back to hunting now.

Alastair’s Place via MacDailyNews
