Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of "safe" files to prevent
Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of "safe" files to prevent
[posted Tuesday, November 21st]
FrSIRT (the French Security Incident Response Team) reports on a newly demonstrated flaw affecting versions of Safari in Mac OS X 10.4.8 and prior where maliciously crafted disk images -- which are used to distribute most Mac OS X software packages -- can allow an attacker to crash or gain control of the target system.
The reported workaround for this issue is to turn off the "Open safe files after downloading" option in Safari as follows:
- Open Safari
- Open "Preferences" under the "Safari" menu
- Click on the "General" tab at the top
- Un-check the "Open 'safe' files after downloading" box
- Close Safari's preferences
Note that your system will still experience a kernel panic if you double-click the downloaded malicious disk image in order to mount it.
FrSIRT has rated this vulnerability critical.
This page has a copy of the actual exploit. We were able to replicate a kernel panic in-house on an Intel-based iMac. Interestingly, when the crash occurs, it has the markings of a kernel panic (screen dimming in a downward wash fashion), but the actual kernel panic screen does not appear.
Also, we've received reports indicating that this flaw does not affect pre-release developer-only editions of Mac OS X 10.5 (Leopard). On these systems, mounting of the malicious disk image simply fails.
Feedback? Late-breakers@macfixit.com.
Resources