Monday, April 20, 2009

Mac Proof-of-Concept Code In The Wild: Malicious Disk Images

Proof-of-concept source code has been released to the public for the five Mac OS X kernel vulnerabilities that were discovered last month. One of them is triggered by a maliciously crafted HFS disk image. Mounting a disk image is something any user can do without authenticating, and the flaw sits in the kernel code that parses the filesystem, so simply opening a hostile image is enough to reach it. That makes it fairly simple for a Mac malware developer to begin distributing disk images (typically .dmg files) that do a number of harmful things to the system the moment they are mounted. Unlike most Mac malware, such an exploit would not require the user to enter an administrator password in order to execute and cause damage.
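As an added illustration of where this attack surface lies (example code written for this note, not the released proof-of-concept and not anything from Apple), the script below performs the kind of consistency checking on an HFS Plus volume header that a cautious analyst might run on an untrusted image before letting the kernel mount it. It assumes a raw, uncompressed HFS Plus volume, the HFS variant Mac OS X mounts by default; a real .dmg is usually a compressed UDIF container, often with a partition map, and would have to be unpacked to a raw volume first. Since the post does not say which structures the proof-of-concept malforms, the checks are generic ones (block geometry against the image size, extents against the volume bounds, fork sizes against their allocation): an empty result means only that the header is self-consistent, not that the image is safe. The clean and tampered sample images are constructed inside the code.

```python
"""Pre-mount consistency checks on an HFS Plus volume header (added example)."""
import struct

VH_OFFSET = 1024                 # the volume header sits 1024 bytes into the volume
VH_SIZE = 512
SIGNATURES = (b"H+", b"HX")      # HFS Plus and case-sensitive HFSX
JOURNALED_BIT = 1 << 13          # kHFSVolumeJournaledBit in the attributes field

# Fixed part of the header: signature, version, 17 u32 fields, encodingsBitmap, finderInfo.
HEAD_FMT = ">2sH" + "I" * 17 + "Q32s"
HEAD_SIZE = struct.calcsize(HEAD_FMT)            # 112
# HFSPlusForkData: logicalSize, clumpSize, totalBlocks, then 8 (startBlock, blockCount) extents.
FORK_FMT = ">QII" + "II" * 8
FORK_SIZE = struct.calcsize(FORK_FMT)            # 80
FORK_NAMES = ("allocation", "extents", "catalog", "attributes", "startup")


def parse_volume_header(image):
    """Decode the fields the checks below need from a raw HFS Plus image."""
    if len(image) < VH_OFFSET + VH_SIZE:
        raise ValueError("image too small to hold an HFS Plus volume header")
    raw = image[VH_OFFSET:VH_OFFSET + VH_SIZE]
    head = struct.unpack_from(HEAD_FMT, raw, 0)
    forks = {}
    for i, name in enumerate(FORK_NAMES):
        f = struct.unpack_from(FORK_FMT, raw, HEAD_SIZE + i * FORK_SIZE)
        forks[name] = {
            "logical_size": f[0],
            "total_blocks": f[2],
            "extents": [(f[3 + 2 * j], f[4 + 2 * j]) for j in range(8)],
        }
    return {
        "signature": head[0],
        "attributes": head[2],
        "journal_info_block": head[4],
        "block_size": head[11],
        "total_blocks": head[12],
        "free_blocks": head[13],
        "forks": forks,
    }


def check_volume_header(image):
    """Return a list of inconsistencies; empty means the header is self-consistent
    (not the same as safe: a flaw in a structure this does not parse is still reachable)."""
    try:
        vh = parse_volume_header(image)
    except ValueError as e:
        return [str(e)]
    if vh["signature"] not in SIGNATURES:
        return ["bad signature %r" % vh["signature"]]
    problems = []
    bs, tb = vh["block_size"], vh["total_blocks"]
    if bs < 512 or bs & (bs - 1):
        problems.append("block size %d is not a power of two >= 512" % bs)
    if tb == 0:
        problems.append("total blocks is zero")
    elif bs * tb > len(image):
        # Python ints do not wrap, so this catches a size overflow a 32-bit C driver would miss.
        problems.append("volume claims %d bytes but image holds %d" % (bs * tb, len(image)))
    if vh["free_blocks"] > tb:
        problems.append("free blocks %d exceed total blocks %d" % (vh["free_blocks"], tb))
    if vh["attributes"] & JOURNALED_BIT and vh["journal_info_block"] >= tb:
        problems.append("journal info block %d lies outside the volume" % vh["journal_info_block"])
    for name, fork in vh["forks"].items():
        covered = 0
        for start, count in fork["extents"]:
            if count and start + count > tb:
                problems.append("%s fork extent [%d, +%d) runs past the volume end" % (name, start, count))
            covered += count
        # The 8 inline extents may cover fewer blocks than totalBlocks (the rest live in the
        # extents overflow file), but never more.
        if covered > fork["total_blocks"]:
            problems.append("%s fork extents cover %d blocks but header says %d"
                            % (name, covered, fork["total_blocks"]))
        if fork["logical_size"] > fork["total_blocks"] * bs:
            problems.append("%s fork logical size %d exceeds its %d allocated bytes"
                            % (name, fork["logical_size"], fork["total_blocks"] * bs))
    return problems


def build_sample_image(block_size=4096, total_blocks=64):
    """Constructed test data: a minimal, self-consistent header in an otherwise empty image."""
    def fork(blocks, start):
        extents = [(start, blocks)] + [(0, 0)] * 7
        return struct.pack(FORK_FMT, blocks * block_size, block_size, blocks,
                           *[v for ext in extents for v in ext])
    head = struct.pack(HEAD_FMT, b"H+", 4, JOURNALED_BIT, 0, 1, 0, 0, 0, 0, 0, 0,
                       block_size, total_blocks, 40, 20, block_size, block_size, 16, 1,
                       1, b"\0" * 32)
    forks = fork(1, 1) + fork(4, 2) + fork(8, 6) + fork(0, 0) + fork(0, 0)
    image = bytearray(block_size * total_blocks)
    image[VH_OFFSET:VH_OFFSET + VH_SIZE] = head + forks
    return bytes(image)


def tamper(image):
    """Constructed hostile variant: inflate totalBlocks and aim the catalog's first extent
    past the end of the volume (generic corruption, not the published PoC's payload)."""
    img = bytearray(image)
    struct.pack_into(">I", img, VH_OFFSET + 44, 0xFFFFFFFF)                 # totalBlocks
    catalog_ext0 = VH_OFFSET + HEAD_SIZE + 2 * FORK_SIZE + 16                # catalog fork, extent 0
    struct.pack_into(">II", img, catalog_ext0, 0xFFFFFF00, 0x200)
    return bytes(img)


if __name__ == "__main__":
    for label, img in (("clean", build_sample_image()), ("tampered", tamper(build_sample_image()))):
        print(label, check_volume_header(img) or "no inconsistencies found")
```

Run against a real raw volume by passing the file contents to `check_volume_header`. The point of the design is that every field is checked against something the image itself pins down (its length, its own block count, its own fork allocation), which is exactly the kind of cross-check a filesystem driver has to get right before trusting header values as array indices or allocation sizes.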

The code has been tested against Tiger and Leopard, and reportedly works against pre-release versions of Snow Leopard as well.

None of the major antivirus engines utilized by virustotal.com or virscan.org currently detects the proof-of-concept code as malicious. Intego, a Mac-only antivirus vendor which does not provide an online scanner, claims that its VirusBarrier X5 product can "protect against the possible use of this flaw" as of a few days ago.

Apple is aware of this and the four other kernel vulnerabilities, but has not yet released a Mac OS X security update to address these issues.


Comment moderation is enabled. (If you wish to contact Josh privately, you can leave a comment and ask that it not be published.)