Security business firm Secunia has posted an advisory about a potentialMac O X UDIF Memory Corruption Vulnerability . The original source of the report say that the vulnerability is present on a fully - patched Intel - found Mac .
The paper states : “ The vulnerability is caused due to an error in com.apple . AppleDiskImageController when handling corrupted DMG image structures . This can be exploited to cause a retentivity corruption and may allow death penalty of arbitrary code in kernel - mode . ”
This vulnerability “ potentially can be exploited by malicious , local users to gain escalated privileges or by malicious people to compromise a vulnerable organisation , ” harmonise to Secunia .
Just how serious is this menace ? While the risk gravel by security holes should never be dismissed , the vulnerability described by Secunia is comparatively easy to eliminate . As long as you ’ve turn off the opening of dependable file after downloading , you should be relatively safe .
Keep in mind , however , that whenever you download and put in anything ( from a disk look-alike or not ) , you ’re trust the author of the code on that disk prototype — specially if it requires you to run an installer or asks for your admin password .
To deactivate the opening of safe files in the Safari Web web web browser , choose the Safari carte du jour , and choose Preferences . penetrate on the General choice and uncheck the “ Open ‘ secure ’ data file after downloading ” boxful . By default , that box is ungoverned .
This new take echoes a problem that first fare to light in 2005 with Mac OS X v10.4 ’s then - novel Dashboard technology . By default , Safari 2.0 would open safe files after downloading , and a programmer demonstrated that Dashboard widgets could be at random install that way . A similar problem was later reported sooner this year take shell handwriting execution from a Web page . In both suit , the problem could be prevented by get sure “ Open ‘ dependable ’ filing cabinet ’ after download ” is turned off .
