Get Smart about Business Spending
- Related Stories
-
Broadcom flaw could allow Wi-Fi hijacks
November 13, 2006 -
Attack code out for new Apple Wi-Fi flaw
November 1, 2006 -
Apple flaws put both Macs and PCs at risk
May 12, 2006 -
Is Mac OS as safe as ever?
February 27, 2006
The proof-of-concept code exploits a security hole in the way Apple Computer's operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.
"Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users," wrote the researcher, who goes by the initials "LMH."
The vulnerability could be exploited remotely, as Apple's Safari Web browser loads DMG files from external sources, such as one found while visiting an URL, LMH wrote. That could let an outsider compromise a system.
Secunia rated the vulnerability as "highly critical" in an advisory on its Web site on Tuesday. In addition to being used to compromise a computer, the flaw could be exploited by malicious local users to gain escalated privileges to the system, the security company said.
Apple representatives did not respond to a request for comment.
In the blog, researcher LMH said people can prevent an attack by "changing the Preferences and deactivating the functionality for opening 'safe' files after downloading."
Vulnerabilities in the Mac OS have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities affect computers running Microsoft Windows.
See more CNET content tagged:
flaw, researcher, Apple Mac OS, vulnerability, Apple Mac OS X
BUT IT REQUIRES A LOCAL ACCOUNT ON THE MACHINE.
Please get a clue and publish some truth, cnet. We're all getting
tired of your fictitious shock-and-awe reporting. Let's hear some
facts for a change.
clueless as to believe that it is a remote exploit just because the
data involved can be pulled over the network. In which case, all
attacks on earth would be considered "remote".
Please do some basic computer security research before publishing
articles on the topic.
Also this means that 99.999999% of Mac users are 100% unaffected by this stupidity in Mac OS X's default configurations. The only ones affected are those stupid enough to actively go in and change this setting and then leave it that way.
Besides, what's the worst that can happen? The system crashes. Period.
Reboot, don't do the stupid thing again, and move on.
This is no more an "exploit" of Mac OS X or of Safari than my going into a police station and demanding they give me all their cash at gunpoint.
(not saying it isn't still in use). The current system is OS X.
Interesting analogy you've chosen.
This is just a generic moniker, and as such is just as applicable to
any version of the operating system that comes from Apple for the
platform. Previous version were mac OS 9, mac OS 7, etc.
clueless as this article is.
... the only thing that shocks me here, is the ineptness in the
reporting of a bad disk image as an actual flaw in the operating
system.
To be fair. The author may not understand exactly what a disk
image file is.
happen to run my business and develop exclusively on a G4 and
happen to love every minute of it.
Well, except when the spinning beach ball won't go away, but
other than that everything is awesome. Now you let me down
not only as a company but as a technology leader. How the hell
can you sleep at night knowing that you shut off the phones to
offer an explanation?
Wait, I know why! To offer an explanation of diligence would
warrant a fix of some-kind. Maybe a fix that you can't offer. So
this leaves me to wonder, as it should the world that use's
Apples products:
If Apple ignores our security needs like this, why should we
consider them at all?
A question all should be asking themselves, including you Steve
Jobs. After all, were ALL human!
J Gund
Tech01
-SD-
are not even a real OSX user! If you were, you would know
what a disk image file is, and thus, know that this article is
nothing more than alarmist, bovine, fecal matter!
As a result, you must be one of those spin attack posters, you
know, a shill, for lack of a better, and decent description.
Basically, all I can say is shove it, and post your nonsense on
your nonsensical blog.
In the mean time, read up, and find out what a disk image file is,
and how it is handled.
So why did you waste your extremely limited time with him on a
bogus issue like this one?
these. Over a year ago I was visiting a Bay Area enterprise software
maker and overheard (I love those Polycom conferencing systems) a
'researcher' basically try and bribe his way into a job at that
company if they didn't want the exploit divulged. I later found out
from one of my retiring colleagues that this happens more often
than one might think. I have little doubt that Jobs and his minions
have better uses of their time than to have an informal chat with
the press.
What possible reason would Apple have to answer any inquiries made about it? That would mean having to admit their OS was not invulnerable and no company is going to do that.
suspect files is *always* going to be fraught with hazard,
You, the user, are in control of this aspect of security.
We don't want your calm and sensible comments. We want belligerence and Holy OS flamewars. Haven't you been here long enough to realize that nothing else matters other than to prove that I'm right and the rest of you are all wrong? :)
just ask the coffee servers @ macdonalds
fh
against thousands of real threats to worry about exploit code.
do we have to start nicknaming a proof of concept vulnerability
when it hasn't even hit mainstream yet? If we can even call it a
vulnerability.
As far as I know the Mac hasn't lost anyones money, or for that
matter lost anyones I.D., to date. I haven't heard any Mac users,
at my work, complain about system problems or crashing. When
I see Mac users around my office there almost always quiet and
busy working with nothing more than a cough coming from that
area. I wish I could say the same about the rest of the company,
but I digress. But its unfortunate these type of articles have to
exploit a virus thats proof-of-concept only (or even if it is a
virus), as it would almost certainly deter some switchers from
switching.
I use both a Windows machine and a brand spanking new
MacBook (that runs everything), the only issue I have with the
Mac OS is it really doesn't alot memory to certain tasks or appz
very well, other than that its pretty rock solid.
concerned. But honestly, do we have to start nicknaming a proof
of concept vulnerability when it hasn't even hit mainstream yet?
If we can even call it a vulnerability.
As far as I know the Mac hasn't lost anyones money, or for that
matter lost anyones I.D., to date. I haven't heard any Mac users,
at my work, complain about system problems or crashing. When
I see Mac users around my office there almost always quiet and
busy working with nothing more than a cough coming from that
area. I wish I could say the same about the rest of the company,
but I digress. But its unfortunate these type of articles have to
exploit a virus thats proof-of-concept only (or even if it is a
virus), as it would almost certainly deter some switchers from
switching.
I use both a Windows machine and a brand spanking new
MacBook (that runs everything), the only issue I have with the
Mac OS is it really doesn't alot memory to certain tasks or appz
very well, other than that its pretty rock solid.
Oh and by the way. If I don't read the news the world is really a nice place too.
might try Apple`s forums.
What I can do to get rid of this vulnerability is to restart my mac on
the XP side of bootcamp and I`ll besafe.
Thanks for nothing.
then provide an administrator password! The result is just a kernel
panic. No remotely executed code. Unpleasant yes, but hardly a
threat, especially if you're not a complete idiot. Windows systems
on the other hand, continue to be converted into zombies by the
tens of thousands every day.
Macs are better than windows.
Have a nice day.
can attack a Mac OS X computer without (the Mac OS X) users
intervention. AND not just to a specific driver flaw but to the entire
distribution of computers running Mac OS X. How about some RPC
action? Windows has its ass to the wind and doesn't require any
user intervention to infect unpatched flaws. Oh except for one...
turn the Windows machine on.
is to break into things? Are there researchers out there publishing
how to pick the locks or overcoming the alarm on my home?
Check out www.toool.nl and click on the english version if you need
to. These guys are good at it.
When you say "sole profession is to break into things" it's creepy. If
you look at it as " testing security systems" it's a career.
Lampie
WRONG!!! There are more vulnerabilities for the Mac than for Windows and Linux together.
It IS true that the vast majority of ATTACKS happen on Windows (for obvious reasons) but the fact that the article writer confuses vulnerabilities with attacks doesn't give me much confidence in the article.
Windows and Linux together."
Would you care to back up that statement? Or are you just
whistling Dixie??? Or to quote Shakespeare "Methinks he doth
protest too much", or something to that effect.
You're on more drugs than Keith Richards.
You're on more drugs than Keith Richards.
Windows and OS X down to the level necessary to truly
understand this stuff. And I suspect most of the people posting
here also lack this knowlege.
I do know this though. There has never been a significant
security exploit on OS X, and there have been quite a few on
Windows. If security is a concern for you, then that is a reason to
buy a Mac.
Are Macs invulnerable? No. We'll they always be free of viruses
and security exploits? Probably Not. Is security something you
currently need to worry about on a Mac? No. Is security
something you will need to worry about in the future on a Mac? I
doubt it. While OS X is not likely to retain a 100% success rate
forever, it will very likely remain much more secure than
Windows for the forseeable future.
Mac? No. Is security something you will need to worry about in
the future on a Mac? I doubt it. "
Even if you live in the safest area in the world, you still close
your door and occassionally feel the need to lock it. If you have
any computer, you should consider the security implications. OS
X has more built in security features of a robust nature than
those in Windows. Does this mean that you should not be alert?
NO. Does this mean that there is absolutely no need for
additional security software? NO. If you didnt need to worry at
all, then apple wouldnt sell antvirus software on their own
website.
If you dont at least set up your system to a good degree of
security, then the result will be down to complacency.
I dont say this because Im a windows fanboy. Just the opposite
in fact, but because I own a Mac doesnt mean Im foolish enough
to declare it invincible to the world.
You're right. Probably not. But ignoring the problem is irresponsible too. Apple needs to own up to the issue and fix it. Ignoring it and denying that it exists is just inexcusable. I'm sure they will do the right thing and release a patch for this.
Maybe.
Mac? No."
Well, that all depends on how you chose to define security. Do
you need cultivated paranoia, constantly checking to see that the
sky has not started falling like you do in the Windows world? No.
Do you need vigilance? Yes, of course you do. While there are no
real "exploits" in the traditional sense, there are any number of
social engineering malware scripts, there is the occasional
silliness like W97M.Melissa MS Office macro virus (which DOES
affect macs, though not profoundly) and there are always those
pesky relatives of former Nigerian finance ministers.
Also, just to be nice to those poor soles with Windows, it pays to
be watchful, since, while macs can't currently get any viruses,
they are certainly capable of forwarding them to their Windows
compatriots.
VXers!
they usually look at me like I was at their front door with a bible
and some pamphlets, and you lot are the reason why. Most of
the reasons posted for discounting this "hole" show that the
posters really didn't understand the article, consider the facts, or
click the link to the rest of the story. Someone wrote something
less than flattering about an Apple product, and in come the
Fanboys with their canned rhetoric to drown out the discussion,
not with facts, but with shear volume. For example...
---"Yeah, a corrupt disk image is bad.
BUT IT REQUIRES A LOCAL ACCOUNT ON THE MACHINE."---
What's your point? That it won't work if no user is logged in?
You can stare at the log in screen all day if you want, but I like to
log in and use my computer. Do you have some way of using
yours without logging into a local account? If you do, we all
want to know how you do it.
---"... the cnet folks may actually be so clueless as to believe
that it is a remote exploit just because the data involved can be
pulled over the network. In which case, all attacks on earth
would be considered "remote"."---
Consider the possibility of using the "corrupt DMG" as a trojan
horse, to install code that allows me to own your computer. I
put the file on my website, and you download it, thinking it's
nude desktops of Steve. When you open it, I own your computer
without ever sitting in front of it. That's a remote exploit.
---"Safari automatically opening files was an issue a LONG time
ago. The default setting for Safari for several years has been to
NOT automatically decode files!"---
All an attacker needs to do is get you to download it. If you'll
download it, you'll open it. Safari not required. Do you have any
idea how easy it is to get huge numbers of people to download
something?
---"Besides, what's the worst that can happen? The system
crashes. Period."---
From the article - "... leading to an exploitable memory
corruption condition with potential kernel-mode arbitrary code
execution by unprivileged users," wrote the researcher, who
goes by the initials "LMH.""
What's worse than the system crashing? Code execution by
unprivileged users.
Do you have some reason to believe that LMH is wrong about
the corruption being exploitable? That would be helpful, and a
valid objection to the article, but you didn't mention it.
---"To be fair. The author may not understand exactly what a
disk image file is."---
Do you understand what a stack overflow is? Are you saying
that a "corrupt" DMG file can't cause one? Are you saying that
memory corruption can't be exploited in OSX? That would be
useful information, if you can back it up, and a valid objection to
the article, but you didn't mention it.
Please stop defending Apple and my favorite OS. It is way more
secure than Microsoft's products, but it's not perfect. It's a
known fact that the most insecure component of any system is a
loose nut behind the keyboard. Based on that, The more you
Fanboys post, the more insecure OSX looks.
I don't know how serious this "hole" will turn out to be. Reports
like this have been popping up ever since OSX was released, but
there are still no serious threats to Mac OSX in the wild.
I know two things. I have no proof that it's not true, and the
Fanboys have offered no proof that it's not true.
In my opinion the headline "Attack code targets zero-day Mac
OS flaw" is a bit over the top, but the point of a headline is to
grab your attention, so it's to be expected that headlines are
sometimes like that.
Fanboys,
When it comes to making Mac Users look bad, you are worse
than the critics. Stop helping!
CBWolf, I agree except for one point. Security IS something Mac
OSX users need to worry about. There is more to security than
code exploits.
Lampie The Clown
voice shouting with a raging storm overhead.
A disk image file, to the user, is the same is inserting a CD, or
connecting to a another drive, except that it is done in memory.
These files are not automatically opened, to my knowledge at all.
You have to download it, and it still will do nothing because the
operating system will request your permission to do so. If it
contains an executable, it will ask you again before opening it.
I, as many other here, fail to see this as an exploitable security
issue. It is not an automatic, secret method to download/
install/run ANY kind of code.
If I create a CD, with an auto-run feature, on pre-Vista Windows,
it will execute. On OSX it will not unless I allow it. I can create
any type of program I want to auto-run. There is nothing wrong
with this, and nothing that dis-allows it. It is an extremely
useful method. Just like about everything else in the world,
someone could create a program to perform a malicious act.
It is not usual for a Mac user to go out and download, and install
from "unknown" or "mysterious" disk images. That would be
stupid, so they/we don't. No more than PC users will take a
mysterious CD image, or physical disk, then load and install it
either.
The story here is bogus, as so many have already tried to
explain. I wish some of you would just show a little bit more
intelligence. This goes for the author of this story as well. I
especially love the catchy title, even though it is B.S.
voice shouting with a raging storm overhead.
A disk image file, to the user, is the same is inserting a CD, or
connecting to a another drive, except that it is done in memory.
These files are not automatically opened, to my knowledge at all.
You have to download it, and it still will do nothing because the
operating system will request your permission to do so. If it
contains an executable, it will ask you again before opening it.
I, as many other here, fail to see this as an exploitable security
issue. It is not an automatic, secret method to download/
install/run ANY kind of code.
If I create a CD, with an auto-run feature, on pre-Vista Windows,
it will execute. On OSX it will not unless I allow it. I can create
any type of program I want to auto-run. There is nothing wrong
with this, and nothing that dis-allows it. It is an extremely
useful method. Just like about everything else in the world,
someone could create a program to perform a malicious act.
It is not usual for a Mac user to go out and download, and install
from "unknown" or "mysterious" disk images. That would be
stupid, so they/we don't. No more than PC users will take a
mysterious CD image, or physical disk, then load and install it
either.
The story here is bogus, as so many have already tried to
explain. I wish some of you would just show a little bit more
intelligence. This goes for the author of this story as well. I
especially love the catchy title, even though it is B.S.
opening it."---
If you open a DMG that is designed to corrupt the memory stack,
it won't ask you anything. The concept is that just opening the
disk image will corrupt the memory. Once the stack is corrupt,
the author can direct the kernel to read and run any code they
wish, at the root level, without permission, and without you
knowing.
You can check this by clicking the link in the article, going to the
blog, and downloading an example of the exploit. If you are
right, you will get a pop up window when you try to mount the
DMG. If LMH is right, your computer will probably crash. The
question is, what code did LMH direct the kernel to run before
the crash?
So how confident are you in your opinion? I tried it on a test
machine, and know what happens. Post what happens when you
open the DMG here after you try it, unless you're not confident
enough in OSX to protect against such bogus threats. By the
way, there is no install, executable, or autorun, just mount the
DMG and see what files are inside. It's no different than
inserting a CD or connecting another drive, right?
Looking forward to your answer.
Lampie
opening it."---
If you open a DMG that is designed to corrupt the memory stack,
it won't ask you anything. The concept is that just opening the
disk image will corrupt the memory. Once the stack is corrupt,
the author can direct the kernel to read and run any code they
wish, at the root level, without permission, and without you
knowing.
You can check this by clicking the link in the article, going to the
blog, and downloading an example of the exploit. If you are
right, you will get a pop up window when you try to mount the
DMG. If LMH is right, your computer will probably crash. The
question is, what code did LMH direct the kernel to run before
the crash?
So how confident are you in your opinion? I tried it on a test
machine, and know what happens. Post what happens when you
open the DMG here after you try it, unless you're not confident
enough in OSX to protect against such bogus threats. By the
way, there is no install, executable, or autorun, just mount the
DMG and see what files are inside. It's no different than
inserting a CD or connecting another drive, right?
Looking forward to your answer.
Lampie
Mac OS X maintains special list of "safe" content, which Safari upon clicking on link would automatically download and launch.
PDF & DMG are all listed as safe. Since the files are pretty complicated, marking them as safe is plain stupid. In fact, I had that feature turned off, so Safari was simply downloading files, but not opening them.
- More "National Enquirer" headlines from CNET..
- by imacpwr November 21, 2006 11:50 PM PST
- CNET Quote: "Vulnerabilities in the Mac OS have been rising,
- Reply to this comment
-
-
- What about Linux then!
- by richto November 22, 2006 2:00 AM PST
- Why single out Microsoft. Linux has roughly 3 times the number of security vulnerabilities, and on average they take twice as long to get patched as for Windows.
- View reply
Processing -
- Read the story?
- by Vegaman_Dan November 22, 2006 7:47 AM PST
- I don't think you read the article or misunderstood the words.
-
-
Showing 1 of 2 pages (107 Comments)leading some experts to note that the Macintosh platform is not
impervious to security problems."
And the ONLY OS that IS impervious to security problems
is......????
I thought so..
Come on CNET, lets keep things in perspective. The Mac with a
half dozen or so security problems to Windows hundreds of
thousands. If you're now going to label the Mac as "impervious
to security problems" then you need to openly label Windows as
a "MAJOR SECURITY RISK" and advise readers to avoid Microsoft
products at all costs..!!
They don't mention Windows or Microsoft. Why are you?
Please go back and reread the article. It might help if you read the words this time.