Security firm Secunia has posted an advisory about a potential Mac OS X UDIF Memory Corruption Vulnerability. The original source of the report states that the vulnerability is present on a fully-patched Intel-based Mac.
The report states: “The vulnerability is caused due to an error in com.apple.AppleDiskImageController when handling corrupted DMG image structures. This can be exploited to cause a memory corruption and may allow execution of arbitrary code in kernel-mode.”
This vulnerability “potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system,” according to Secunia.
Just how serious is this threat? While the risk posed by security holes should never be dismissed, the vulnerability described by Secunia is relatively easy to eliminate. As long as you’ve disabled the opening of safe files after downloading, you should be relatively safe.
Keep in mind, however, that whenever you download and install anything (from a disk image or not), you’re trusting the author of the code on that disk image — especially if it requires you to run an installer or asks for your admin password.
To disable the opening of safe files in the Safari Web browser, select the Safari menu, and choose Preferences. Click on the General option and uncheck the “Open ‘safe’ files after downloading” box. By default, that box is unchecked.
This new issue echoes a problem that first came to light in 2005 with Mac OS X v10.4’s then-novel Dashboard technology. By default, Safari 2.0 would open safe files after downloading, and a programmer demonstrated that Dashboard widgets could be arbitrarily installed that way. A similar problem, involving shell script execution from a Web page, was reported earlier this year. In both cases, the problems could be prevented by making sure “Open ‘safe’ files after download” is turned off.