The Apple Mac OS X “com.apple.AppleDiskImageController” Memory Corruption Vulnerability” isn’t a security flaw at all, let alone a critical, highly critical, or warn-everyone-via-the-BBC type event,” Alastair J. Houghton reports for Alastair’s Place.
Houghton reports, “Now, I should say, that I’m wary of suggesting that disk images are totally safe. There’s a lot of code involved in mounting and reading/writing a disk image, and quite a bit of that runs in kernel mode. But I am pretty peeved at the way that this issue has been so widely publicised, attracting a great deal of attention for lmh and MoKB, when in actual fact there is no such security flaw.”
The Apple Mac OS X “com.apple.AppleDiskImageController” Memory Corruption Vulnerability” is nothing more than a “bug that causes a kernel panic. Not a security flaw. Not a memory corruption bug. Just a completely orderly kernel panic. There aren’t even any processor exceptions involved; the path to the panic is perfectly normal non-exceptional code using ordinary function calls,” Houghton reports.
Full article here.
[Thanks to MacDailyNews Reader “Macaday” for the heads up.]
BBC covers Mac OS X ‘DMG bug’ – sort of – November 27, 2006
Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of ‘safe’ files to prevent – November 21, 2006