updated 08:30 am EST, Fri January 12, 2007
Unpatched Safari flaw
LMH has reported an unpatched vulnerability in Safari that could result in remote code execution. Malicious users could exploit the flaw, which stems from an integer overflow error in the "ffs_mountfs()" function when handling UFS filesystem disc images, to cause a heap-based buffer overflow from a specially crafted UFS DMG image. Secunia notes that successful exploitation of the vulnerability could allow attackers to execute arbitrary code. The firm adds that the flaw is only remotely exploitable via Apple's Safari Web browser, and only when the "Open safe files after downloading" option is enabled. The vulnerability is known to affect Mac OS X 10.4.8, but may afflict other versions of Mac OS X as well. Users can prevent exploitation by disabling the "Open safe files after downloading" option, and by granting system access only to trusted users.