Apple DMG Overflow Vulnerability
Author: Dave Lewis
Well, that didn’t take too long. It’s only been 48 hours since the iPhone (bite me Cisco) was released that we see a new vulnerability released for the OS X operating system. The month of bugs seems to be progressing even though this had been allegedly called off at one point.
The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.This issue is related to those published in the UFS code as part of the Month of Kernel Bugs, and the set of DMG flaws that couldn’t make it to the MoKB schedule. As DMG encapsulates filesystem streams, most of the bugs existent in the FreeBSD kernel sources tree can be abused in Mac OS X’s XNU via rogue DMG images.
Tags: Apple Security, Mac, Vulnerability, Integer Overflow, Apple DMG
