|
|
Focus on Apple
Re: .dmg file exploit Nov 21 2006 09:08PM mfossi securityfocus com (2 replies) Re: .dmg file exploit Nov 21 2006 09:49PM Roland Dobbins (rdobbins cisco com) (2 replies) Re: .dmg file exploit Nov 22 2006 03:25PM mfossi securityfocus com (1 replies) Re: .dmg file exploit Nov 22 2006 04:04PM Roland Dobbins (rdobbins cisco com) (1 replies) Re: .dmg file exploit Nov 22 2006 06:02PM Martin Roesch (roesch sourcefire com) (3 replies) Re: .dmg file exploit Nov 22 2006 06:40PM Jeramey Valley (ValleyJR mps k12 mi us) (1 replies) Re: .dmg file exploit Nov 22 2006 06:37PM Roland Dobbins (rdobbins cisco com) (1 replies) |
|
Privacy Statement |
On 22 Nov 2006, at 8:45pm, Roland Dobbins wrote:
> On Nov 22, 2006, at 12:29 PM, Martin Roesch wrote:
>
>> It'd also be nice to know exactly what the problem is... :)
>
> Here are the MOKB examples, with sample .dmgs linked:
>
> http://projects.info-pull.com/mokb/MOKB-20-11-2006.html
>
> http://projects.info-pull.com/mokb/MOKB-21-11-2006.html
At last, someone did the actual research. I'd be stunned if anyone
managed to get either of these problems to allow execution of
arbitrary code. Even for the first one, because of the interior
workings of OS X there's no way to tell where your arbitary code
would be put in memory, so there's no obvious way to trigger its
execution. The most I'd expect is panics or obvious memory corruption.
For at least one of them, probably both, the only people who can fix
the problem are Apple, and in both cases the fix is relatively easy.
I'd expect them to be fixed in 10.4.9.
Simon
--
Simon Slavin Fylde Building Room C11
Computing Development Officer 01524 65201 x 93569
Psychology Department
University of Lancaster
[ reply ]