Apple Mac OS X/Safari DMG vulnerability debunked

The Apple Mac OS X “com.apple.AppleDiskImageController” Memory Corruption Vulnerability “isn’t a security flaw at all, let alone a critical, highly critical, or warn-everyone-via-the-BBC type event,” Alastair J. Houghton reports for Alastair’s Place.

Houghton reports, “Now, I should say, that I’m wary of suggesting that disk images are totally safe. There’s a lot of code involved in mounting and reading/writing a disk image, and quite a bit of that runs in kernel mode. But I am pretty peeved at the way that this issue has been so widely publicised, attracting a great deal of attention for lmh and MoKB, when in actual fact there is no such security flaw.”

The Apple Mac OS X “com.apple.AppleDiskImageController” Memory Corruption Vulnerability is nothing more than a “bug that causes a kernel panic. Not a security flaw. Not a memory corruption bug. Just a completely orderly kernel panic. There aren’t even any processor exceptions involved; the path to the panic is perfectly normal non-exceptional code using ordinary function calls,” Houghton reports.

Full article here.

[Thanks to MacDailyNews Reader “Macaday” for the heads up.]

Related articles:
BBC covers Mac OS X ‘DMG bug’ – sort of – November 27, 2006
Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of ‘safe’ files to prevent – November 21, 2006

42 Comments

  1. FUD is not what it was before. Days and days of heated discussion were needed to finally uncover FUD machines at work as they actually were: BS.

    It is getting faster. Good.

    FUD put to rest. Still, the issue remains: when will idiotic pundits stop being fear mongers with the Apple user community?

  2. So, if it’s “just a normal bug”, is he saying that it doesn’t give elevated privileges to an attacker?

    Apple will have this squashed in an update. And until then, unless someone out there actually tries to exploit this, there’s nothing to worry about.

  3. Kajl,

    Then it’s a good thing that they don’t know when you click on the AOL ad with a default Mac setup you get, “Player is not supported by macintosh” that would sure make them stick with their PC a little longer. Oops.

    Again, why is there a link to AOL on this site?
