“The Apple Mac OS X ‘com.apple.AppleDiskImageController’ Memory Corruption Vulnerability” isn’t a security flaw at all, let alone a critical, highly critical, or warn-everyone-via-the-BBC type event,” Alastair J. Houghton reports for Alastair’s Place.
Houghton reports, “Now, I should say, that I’m wary of suggesting that disk images are totally safe. There’s a lot of code involved in mounting and reading/writing a disk image, and quite a bit of that runs in kernel mode. But I am pretty peeved at the way that this issue has been so widely publicised, attracting a great deal of attention for lmh and MoKB, when in actual fact there is no such security flaw.”
The “Apple Mac OS X ‘com.apple.AppleDiskImageController’ Memory Corruption Vulnerability” is nothing more than a “bug that causes a kernel panic. Not a security flaw. Not a memory corruption bug. Just a completely orderly kernel panic. There aren’t even any processor exceptions involved; the path to the panic is perfectly normal non-exceptional code using ordinary function calls,” Houghton reports.
Full article here.
[Thanks to MacDailyNews Reader “Macaday” for the heads up.]
Related articles:
BBC covers Mac OS X ‘DMG bug’ – sort of – November 27, 2006
Mac OS X/Safari DMG vulnerability reported: Turn off automatic opening of ‘safe’ files to prevent – November 21, 2006
kernel panic! at the disco
Hey, it’s the BBC, so right there you know they are biased.
kernel panic in the library with the candlestick.
The flaw’s a bug, now ain’t that a kicker. I’m a happy Mac user once again….
FUD is not what it was before. It was needed days and days of heated discussion to finally uncover FUD machines at work as they actually were: BS.
It is getting faster. Good.
FUD put to rest. Still, remains the issue: When idiotic pundits will stop to be fear mongers with Apple users community?
In fact, Colonel Panic was recently demoted after this incident. He’s now only Major Panic.
My bag of Jiffy-pop popcorn experienced a kernel panic one time in the microwave. Tough stuff to watch…
“kernel panic! at the disco”
let’s groove…
So, if it’s “just a normal bug”, is he saying that it doesn’t give elevated privileges to an attacker?
Apple will have this squashed in an update. And until then, unless someone out there actually tries to exploit this, there’s nothing to worry about.
why is there a link to an AOL service that doesn’t even support macintosh computers on this site???
gmeance,
Not every visitor to this site is using a Mac… yet.
Kajl,
Then it’s a good thing that they don’t know when you click on the AOL ad with a default Mac setup you get, “Player is not supported by macintosh” that would sure make them stick with their PC a little longer. Oops.
Again, why is there a link to AOL on this site?
where’s zune tang? I need some laughs!
Personally I’m plagued by a lot of Private Panics.
It’s still a denial of service attack, in a sense.
“In fact, Colonel Panic was recently demoted after this incident. He’s now only Major Panic.”
Good one Jimbo, laughed my butt off!
Just hope he’s not promoted to General Panic!
get a CLUE – it was Colonel Panic up the bunghole with a candlestick
Jimbo, I laughed my butt off too. I just put it back on. But, don’t change your day job yet. You must repeat at least three times before I will become your agent.
I just read through the full article and followed the link over to the MoKB blog site. The dialogue that comes out of lmh is pathetically childish and incredibly condescending. He spends more time name calling than he does supporting his claims.
He obviously does not know what he’s talking about and has an incredibly hard time with anyone questioning him.
Perhaps behind closed doors he’s Private Panic.
“So, if it’s “just a normal bug”, is he saying that it doesn’t give elevated privileges to an attacker?”
sigh. A kernel panic brings the whole system to a crashing halt, it’s the Mac version of BSOD.
Ain’t NOBODY got elevated privileges then.
This also means that BBC’s journalistic integrity is also debunked, regardless what code of ethics and standards of professionalism they purport to observe.
The BBC’s “journalistic integrity” has been down in the gutter along with CBS and others of that ilk that like to create slanted “news” stories for quite some time now, so this is certainly no surprise.
I wish I had a pretty kernel panic instead of an ugly blue screen.
Welcome to the social.
Huh, I had a feeling that someone would come along and tell us what we already knew. It seems that most of these so called security flaws are just flawed reports by people who think they can fool us or something. The facts always prove otherwise.