Attack code targets zero-day Mac OS X flaw
A security researcher has published attack code for an unpatched flaw in Mac OS X, the latest vulnerability in the “Month of Kernel Bugs” campaign.
The proof-of-concept code exploits a security hole in the way Apple Computer’s operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.
“Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users,” wrote the researcher, who goes by the initials “LMH.”
Source: News.com