Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of ‘safe’ files to prevent

“FrSIRT (the French Security Incident Response Team) reports on a newly demonstrated flaw affecting versions of Safari in Mac OS X 10.4.8 and prior where maliciously crafted disk images — which are used to distribute most Mac OS X software packages — can allow an attacker to crash or gain control of the target system,” MacFixIt reports.

The reported workaround for this issue is to turn off the “Open ‘safe’ files after downloading” option in Safari, so that a downloaded disk image is no longer mounted automatically, as follows:
1. Open Safari
2. Open “Preferences” under the “Safari” menu
3. Click on the “General” tab at the top
4. Un-check the “Open ‘safe’ files after downloading” box
5. Close Safari’s preferences
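The same preference can be set and verified from Terminal, which is handy when the workaround has to be applied to more than one Mac. The script below is an added example and is not part of the MacDailyNews or MacFixIt text; it assumes that the checkbox above is backed by the `AutoOpenSafeDownloads` key in the `com.apple.Safari` defaults domain (the key used by Safari of this era; confirm on your own machine with `defaults read com.apple.Safari`). It quits Safari first so the running application does not overwrite the change when it saves its own preferences on exit, then reads the value back rather than trusting that the write succeeded.

```shell
#!/bin/sh
# Added example: turn off Safari's "Open 'safe' files after downloading"
# from the command line and verify the result. Assumption: the checkbox
# is stored as the boolean key AutoOpenSafeDownloads in com.apple.Safari.

SAFARI_DOMAIN="com.apple.Safari"
SAFARI_KEY="AutoOpenSafeDownloads"

# Interpret what `defaults read` prints for a boolean key.
# Returns 0 (shell true) only when auto-opening is explicitly off.
# A missing key means Safari's built-in default, which is "on", so an
# empty or unexpected value counts as still enabled.
auto_open_disabled() {
    case "$1" in
        0|false|FALSE|no|NO) return 0 ;;
        *) return 1 ;;
    esac
}

# Quit Safari, write the preference, and read it back.
disable_safe_file_auto_open() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found; this only applies on Mac OS X" >&2
        return 2
    fi
    osascript -e 'tell application "Safari" to quit' >/dev/null 2>&1 || true
    defaults write "$SAFARI_DOMAIN" "$SAFARI_KEY" -bool false
    current=$(defaults read "$SAFARI_DOMAIN" "$SAFARI_KEY" 2>/dev/null || true)
    if auto_open_disabled "$current"; then
        echo "Safari auto-open of 'safe' files is disabled"
        return 0
    fi
    echo "Failed: $SAFARI_DOMAIN $SAFARI_KEY = '${current:-<unset>}'" >&2
    return 1
}

# Apply only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--apply" ]; then
    disable_safe_file_auto_open
fi
```

Run it as `sh disable_safe_downloads.sh --apply`. Because the check is done with `defaults read`, it also reports the case where the write was silently reverted by a still-running Safari, which a one-line `defaults write` would miss.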

MacFixIt reports, “Note that your system will still experience a kernel panic if you double-click the downloaded malicious disk image in order to mount it.”

Full article with links here.

MacDailyNews Note: As usual, do not download files from untrusted sources.

MacDailyNews Note: 8:30pm EST: We have banned the posting of links to .dmg files in the “Reader Feedback” section.

Related MacDailyNews article:
Mac OS X flaw crashes Safari, Finder – March 29, 2006
Safari web browser auto executes shell scripts; disable ‘Open ‘safe’ files after downloading’ option – February 21, 2006

52 Comments

  1. Well, a few hours ago my system crashed after it downloaded a file called MOKB-20.dmg. And I mean ‘it’ downloaded a file because I did not. I was away from my iMac for a few minutes. Ironically, Safari was open on … MDN. Be careful!

  2. This is not news. Anyone can “craft” poorly written software that causes a crash or kernel panic, etc. Anyone who’s used a computer for more than a few years has surely run across this kind of bad programming and the resultant hangs, etc.

    What will be news is if/when someone uses this purposefully and in order to harm another user’s computer. DMGs are, of course, a good mode of distribution, especially if auto-mount is active in Safari.

    just my 2c

  3. People are going to make a big deal out of this, but it’s dumb. Does whoever opens this unknown image also need to be told not to swallow nails?

    Sorry, eaxit. Let me direct you to the emergency room… [rolleyes]

  4. Kinda weird having this file linked in posts on this very site a few threads ago. Open safe is turned off already on my computer. I’m guessing that Symantec and MS are going to be getting very creative to try and blunt the Apple sales juggernaut this holiday season. This is just a first salvo.

  5. Remember when any app could freeze the entire OS? heheheh

    So, some group releases a kernel freeze every month, and someone around here just puts it up for download with a name like “Cheap MacBook Pro!”?

    Sounds juvenile.

  6. I remember this “fix” from a few years ago, then I thought Apple changed something where you could now leave it on.

    Just remember to turn it back on if you’re downloading a widget and want it to load itself into your Library > Widgets folder. Then remember to turn it off again. Or you’ll have to drag and drop it yourself.

  7. Anthony: “So is this actually a virus?”

    Nope. What it is is a corrupt dmg file that causes the dmg mounter application to crash. Being part of the kernel it therefore causes a “kernel panic”, Apple’s label for a crashed kernel. (kernel = guts of the MacOS)

    Wake me when someone figures out a way to crash the kernel in such a way that they cause it to execute their own code.

    Wake me with a hammer when someone can do that without me asking for it.
