Revealing attack code for zero-day errors Mac OS X

Latest results of HD Moore's " Month of Privacy Security " project is a code that exploits a zero-day security error in Mac OS X.

Independent security researcher Moore said the newly discovered security vulnerability is related to how Mac OS X handles disk image files (image disks).

" The com.apple.AppleDiskImageController part of Mac OS X cannot handle a corrupted DMG image file giving rise to a buffer overflow that allows an attacker to execute binary code on the system. system only needs user access (user) , "HD Moore writes on the project blog" Month of Privacy Security Months ".

This security error can be exploited remotely because Apple Safari web browser can download a DMG file from another source, for example when a user accesses a URL page for example. This means hackers can remotely attack and "kidnap" the user's system.

Secunia classified this security error as "extremely dangerous". At the same time, the security vendor warns that this security error can also be exploited by local users to increase access to the system.

Apple representatives do not have any comment on this issue.

HD Moore said users can prevent attacks by taking advantage of the above security flaws by changing the Preferences settings and activating the alert feature before downloading the file.

Hoang Dung