Apple Mac OS: Highly Critical Vulnerability
Wednesday, 22. November 2006, 21:06:31
Apple Mac OS X UDIF Memory Corruption Vulnerability

Secunia Advisory: SA23012
Release Date: 2006-11-21
Last Update: 2006-11-22
Critical: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
Solution Status: Unpatched
CVE reference: CVE-2006-6061, CVE-2006-6062
Description:
LMH has reported a vulnerability in Mac OS X that can potentially be exploited by malicious local users to gain escalated privileges, or by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error in com.apple.AppleDiskImageController when handling corrupted DMG image structures. This can be exploited to cause memory corruption and may allow execution of arbitrary code in kernel mode.
The vulnerability is reported in a fully patched Mac OS X system (2006-11-20). Other versions may also be affected.
Solution:
Deactivate the "opening safe files after downloading" option in the preferences, and grant only trusted users access to affected systems.