Mac OS X Vulnerable To Unpatched Bugs - InformationWeek

Security researchers have disclosed flaws in the Mac OS X operating system that allow attackers to crash the computer and possibly hijack it.

Security researchers have disclosed flaws in Apple Computer's Mac OS X operating system that allow attackers to crash the computer and possibly hijack it. Although some experts pegged the bugs as serious, others downplayed the threat.

On Monday, the "Month of Kernel Bugs" project, a month-long disclosure of operating system flaws, announced that a bug in Mac OS X's processing of DMG files -- disk images typically used to distribute software for the Mac -- could be exploited to crash a target machine. There also was the possibility that attackers could introduce additional malicious code to the compromised system to, for example, snatch control from its legitimate user.

Tuesday, the kernel bug campaign posted another Mac OS X flaw; the second bug, which also can be exploited via a malformed DMG file, involves how the operating system handles bad sectors in a disk image. A crash would be the likely result, said the online description of the flaw.

The bugs are more serious than other Mac vulnerabilities made public recently, said Symantec's Oliver Friedrichs, the director of the Cupertino, Calif., security company's security response team. "This is likely more serious because it is exploitable through the Safari browser," said Friedrichs. "Whenever there's a vulnerability in the browser, [hackers] exploit it rather quickly."

Mac users running Apple's Safari Web browser are in danger because by default the application will automatically open any downloaded DMG file. Attackers would need to entice users to a malicious Web site and convince them to download a file, however.

Danish bug tracker Secunia rated the Monday vulnerability as "Highly critical," but Friedrichs didn't think there was much cause for alarm. "We're seeing more Mac vulnerabilities, but we don't yet see active exploits. Mac users still have the luxury of not being targeted by hackers."

That pattern is often cited by Mac defenders, who admit the operating system has vulnerabilities. But they note that attackers rarely follow up with actual in-the-wild threats.

Friedrichs agreed with that position, but reminded Mac users that an exploit could appear at any time. "Mac users have a false sense of security," he said. "There's no guarantee that this will not be exploited, or even seen in targeted attacks."

Safari users can protect themselves by disabling the automatic opening of downloaded files. To turn off the feature, users should select File|Preferences, then under the General tab clear the box marked "Open 'safe' files after downloading."
