By Erika Morphy MacNewsWorld Part of the ECT News Network
01/12/07 2:55 PM PT
The Month of Apple Bugs continues as researchers discovered a vulnerability in Mac OS X that allows hackers to hijack computers running Apple's Safari Web browser. The vulnerability, which affects Mac OS X 10.4.8 and possibly earlier versions, has been confirmed by other Internet security firms, and the project has also released proof-of-concept code.
Researchers have discovered a serious vulnerability in Mac OS X that allows hackers to hijack computers running Apple's (Nasdaq: AAPL) Safari Web browser.
The flaw was uncovered as part of the Month of Apple Bugs project, which kicked off at the beginning of the month with the goal of discovering one vulnerability or flaw per day. Thus far, the researchers have uncovered 10 or so flaws.
The operating system vulnerability, which affects Mac OS X 10.4.8 and possibly earlier versions, has been confirmed by other Internet security firms, and the project has also released proof-of-concept code.
The vulnerability is caused by an integer overflow in the "ffs_mountfs()" function when handling UFS (Unix file system) disk images, according to an advisory by Internet security firm Secunia. This can be exploited to cause a heap-based buffer overflow via a specially crafted UFS DMG image, Secunia noted, allowing the execution of arbitrary code.
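The integer-overflow-to-heap-overflow pattern Secunia describes, as an added illustration that is not code from the article, from Apple, or from the actual ffs_mountfs() implementation: a toy superblock with two untrusted 32-bit counts (hypothetical field names, not the real UFS layout) whose product wraps in 32-bit arithmetic, shown beside the bounds check a mount routine should apply before allocating.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified superblock: two 32-bit counts read straight from
 * an untrusted disk image. The real UFS superblock layout is not reproduced. */
struct toy_superblock {
    uint32_t ncg;     /* number of cylinder groups, attacker-controlled */
    uint32_t cgsize;  /* bytes per cylinder group, attacker-controlled */
};

/* Illustrative upper bound on what a sane image could need; a real mount
 * routine would derive this from the media size. */
#define TOY_MAX_ALLOC (64u * 1024u * 1024u)

/* Vulnerable pattern: the product is computed in 32 bits and wraps silently,
 * so malloc() receives a tiny size while later code still treats
 * ncg * cgsize as the byte count and writes past the end of the heap buffer. */
uint32_t vulnerable_size(const struct toy_superblock *sb)
{
    return sb->ncg * sb->cgsize;   /* wraps on overflow */
}

/* Hardened pattern: compute the product in 64 bits (two 32-bit operands can
 * never overflow it) and reject the image if it is zero or exceeds the bound,
 * before any allocation is attempted. */
bool checked_size(const struct toy_superblock *sb, size_t *out)
{
    if (sb->ncg == 0 || sb->cgsize == 0)
        return false;
    uint64_t total = (uint64_t)sb->ncg * (uint64_t)sb->cgsize;
    if (total > TOY_MAX_ALLOC)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    /* Constructed header values: 0x10000 groups of 0x10000 bytes each.
     * The true size is 4 GiB, but the 32-bit product wraps to 0. */
    struct toy_superblock bad = { 0x10000u, 0x10000u };
    struct toy_superblock ok  = { 8u, 65536u };
    size_t n = 0;
    printf("vulnerable_size(bad) = %u\n", vulnerable_size(&bad));
    printf("checked_size(bad) accepted: %d\n", checked_size(&bad, &n));
    bool accepted = checked_size(&ok, &n);
    printf("checked_size(ok) accepted: %d, bytes = %zu\n", accepted, n);
    return 0;
}
```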
Some Good News
The good news is that users can protect their systems from the vulnerability, Patrick Hinojosa, CTO of CyberDefender, told MacNewsWorld. "Users can disable the setting as a workaround until a patch is released."
The vulnerability is only remotely exploitable when the "opening safe files after downloading" option is enabled, Secunia reported. However, Hinojosa said, "Anything automated like that isn't well secured. This type of feature should always require a user prompt."
This newly discovered flaw adds to a growing body of evidence that Apple's computer products may not be as secure as once thought.
Last year, the company's reputation took a hit when the first Mac-specific worms began circulating on the Internet, at least one of which unveiled another vulnerability in Safari.
Hackers and malware creators have largely concentrated their efforts on circumventing Windows. However, as the Mac's market share increases, especially among corporate users, this is changing.
New Users Most Vulnerable
Apple's once spotless image as a secure computing environment will mean that these newer users -- as opposed to its hard-core, consumer-savvy base -- will be even less likely to have appropriate protections in place.
"It is part of a continuing trend," Hinojosa noted. "I have seen more hackers probing OS X far more often than in previous years."
Despite Apple's market share gains, its overall presence among consumers remains very small -- still a less-than-tempting target for hackers.
Instead of generating mass worms, Hinojosa speculated, hackers are more likely to target Apple-specific sites. "That would be the most efficient way of exploiting this user base," he claimed.
A vulnerability in any operating system -- be it OS X or Windows -- is a serious exposure, Kaspersky Lab's Senior Technical Consultant Shane Coursen told MacNewsWorld.
"The flaws themselves are rated or assessed individually. That doesn't change Apple's position though -- it is an OS provider and like any other OS provider today is vulnerable to attack," he stated.
Responsible Disclosure
So far, about 10 vulnerabilities have been uncovered in Apple's products this month, and more are expected to be announced over the next two weeks. Month of Apple Bugs was launched by independent security researcher Kevin Finisterre and another researcher identified only as LMH.
Their goal, they stated, is to highlight vulnerabilities in Apple's products, especially as the company is not as forthcoming as it might be. This complaint has been voiced before about Apple by some Internet security providers.
At the same time, however, many in the Internet security industry are aghast at the road map to the discovered vulnerabilities the researchers are providing hackers.
Kevin Finisterre's Month of Apple Bugs is a continuation of attempts to raise the profile of the full disclosure versus responsible disclosure debate in the Internet security industry, Symantec (Nasdaq: SYMC) noted in a statement. Symantec has always followed responsible disclosure practices and believes it is the best way to serve its customers and to protect the computing public.