Exploit may endanger Safari users
updated 10:40 am EST, Fri November 24, 2006
Security researchers have published an exploit that targets an unpatched kernel vulnerability in Mac OS X, which could allow malware developers to take advantage of how Apple's Safari Web browser downloads online image files, and could lead to arbitrary code execution. The new exploit was revealed as part of the "Month of Kernel Bugs," according to eWeek.com, and details the steps necessary for attackers to take advantage of the vulnerability.

"Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial of service condition," wrote the security researcher who discovered the flaw. "Although it hasn't been checked further, memory corruption is present under certain conditions." Security researchers at Secunia rated the exploit as "highly critical," which is the company's second most severe threat ranking, saying that the bug could be exploited by local users to gain escalated privileges or utilized by malware writers to compromise a vulnerable system. The vulnerability is caused by an error in the Mac OS X AppleDiskImageController, which surfaces when the system handles corrupted image files, according to the report.






Fresh-Faced Recruit
Joined: Nov 2006
*DISK* image files
Not images (GIFs, JPEGs etc).