All the latest UK technology news, reviews and analysis

New exploit published for Mac OS X

by Shaun Nichols

More from this author

22 Nov 2006

Comments: 3

  • Tweet this
Apple
The exploit targets a component used to run Apple's .dmg disk images files

A security researcher has posted proof-of-concept code for a 'highly critical' vulnerability in Apple's OS X operating system. 

The exploit targets a component used to run Apple's .dmg disk images files. The .dmg format is commonly used to compress programs for download and is similar to the .iso format used in Windows.

A security researcher using the initials 'LMH' posted details about the vulnerability as part of the Month of Kernel Bugs project. 

The author claimed that the exploit could easily be executed in Apple's Safari web browser through a specially crafted .dmg file launched when a user visits a web page.

According to LMH, the threat can be mitigated in Safari by disabling a setting in the browser's preference panel that reads 'Open 'safe' files after downloading.'

Disabling the setting will prevent .dmg files, images, movies and PDF files from automatically opening after they have been downloaded.

Security firm Secunia rates the vulnerability as 'highly critical', its second-highest threat level. It is the highest alert level given to a Mac OS X vulnerability since the publication of an official Apple security update in early October. 

The Month of Kernel Bugs project has vowed to post new proof-of-concept or exploit code every day for the entire month of November.

Apple did not respond to a request for comment.

Do you agree?

Add your comment

kernel bug?

is that a kernel bug?

Posted by: Dan 23 Nov 2006

Month of bogus FUD

Yawn. This is so lame. Does this actually qualify as a good enough 'bug' to qualify for the payola check from Bill?

Posted by: Steve Jobs 23 Nov 2006

OMG

OMG

Posted by: larry 23 Nov 2006

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Information Security Manager

My client is a well established, non profit organisation;...

PHP Web Developer

PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...

HEAD OF DIGITAL - London - £80-95K+

HEAD OF DIGITAL - London - £80-95K + Excellent Bens...

Agile C# Developer - (North London)

Agile C# Developer - (North London) £55,000 - £65,000...

To send to more than one email address, simply separate each address with a comma.