toggle

AAPL Stock: 433.26 ( 0 )

http://www.macnn.com/articles/07/01/12/unpatched.safari.flaw/

Unpatched Safari vulnerability surfaces

updated 08:30 am EST, Fri January 12, 2007

 

Unpatched Safari flaw


LMH has reported an unpatched vulnerability in Safari that could result in remote code execution. Malicious users could exploit the flaw, which stems from an integer overflow error in the "ffs_mountfs()" function when handling UFS filesystem disc images, to cause a heap-based buffer overflow from a specially crafted UFS DMG image. Secunia notes that successful exploitation of the vulnerability could allow attackers to execute arbitrary code. The firm adds that the flaw is only remotely exploitable via Apple's Safari Web browser, and only when the "Open safe files after downloading" option is enabled. The vulnerability is known to affect Mac OS X 10.4.8, but may afflict other versions of Mac OS X as well. Users can prevent exploitation by disabling the "Open safe files after downloading" option, and by granting system access only to trusted users.


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Sprocket

    Fresh-Faced Recruit

    Joined: May 2002

    0
    01/12, 09:01am | report spam | Reply |

    Must be a slow 'hype'

    day for LMH and Secunia if "Users can prevent exploitation by disabling the "Open safe files after downloading" option, and by granting system access only to trusted users." is the fix.

    I'm surprised, though, that this fix STILL isn't the default after we went through this similar issue last year. Wake up, Apple!

  1. Horsepoo!!!

    Banned

    Joined: Jun 2003

    0
    01/12, 09:10am | report spam | Reply |

    Not a Safari vuln

    That's not a Safari vulnerability...that's a ffs_mountfs() vulnerability.

  1. mitchcohen

    Fresh-Faced Recruit

    Joined: Aug 2005

    0
    01/12, 11:02am | report spam | Reply |

    UFS?

    Ok, show of hands on those who have UFS installed on their Macs? Nope, didn't think so. :-)

    The report above (and likely, LMH) fails to mention Macs drives come formatted as HFS+, not UFS. One would have to reformat their boot drive as UFS (and have a reason for doing so) before being potentially susceptible to this issue. And with extremely few users requiring UFS, and with lots of trouble running regular Mac apps on UFS, it's an extremely rare file system for Mac users. Mostly certain limited server needs and unix development people.

  1. ::maroma::

    Addicted to MacNN

    Joined: Jan 2002

    0
    01/12, 11:34am | report spam | Reply |

    "unpatched" vulnerability

    = redundant.

    Of course its unpatched, otherwise the vulnerability wouldn't be there, would it?

    Duh?

  1. Person Man

    Professional Poster

    Joined: Jun 2001

    0
    01/12, 11:59am | report spam | Reply |

    mitchcohen, you don't...

    ...understand.

    They are talking about disk images formatted as UFS. Not your drive. The disk image has to be formatted as UFS and the headers have to be corrupted to trigger the bug.

    Big difference. We ARE vulnerable, whether our drives are formatted as HFS+ or not.

  1. UberFu

    Fresh-Faced Recruit

    Joined: Oct 2002

    0
    01/12, 12:19pm | report spam | Reply |

    Wow - I have to...

    do a whole lot to avoid this [read - absolutely nothing]

    person man.....

    not really mitchcohen was on the right track just wrong direction_

    Standard default for disk image creation on a Mac system for most Apps that create these types of files is HFS+

    So a user has to change a setting manually to create a UFS formatted image to begin with_

    Preventative medicine on this is to watch what you download and uncheck the "open safe files after downloading" box_ brain surgery_

    Let me know when there's something out there worth my time_

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0
    01/12, 12:56pm | report spam | Reply |

    Re: wow

    Amazing, uberfu, you've completely missed it as bad as mitchcohen. Its not about disk images YOU create, but those created by others.

    Your argument could be taken that most Windows problems aren't problems, because "who would type in a specially crafted URL into a browser window to begin with?".

  1. test22

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    01/15, 04:35am | report spam | Reply |

    test comments valu

    test comments valu

  1. test22

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    01/15, 04:35am | report spam | Reply |

    tets

    tes

  1. test22

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    01/15, 04:37am | report spam | Reply |

    test comments1111

    test comments11311

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News