Focus on Apple
Re: .dmg file exploit Nov 23 2006 09:30PM
Howard Oakley (h oakley btconnect com) (1 replies)
On 23/11/06 19:53, K F (lists) wrote:

> Simon... I thought we established several posts ago that you had no
> place commenting on how exploitable something is or is not? Seriously
> dude... ever hear of gdb? does 'target remote-kdp' mean anything to you?

Does that disqualify Simon from expressing his opinion? However, if you
really want to be convincing over its exploitability, demonstration is the
only real evidence worth considering.

>> For at least one of them, probably both, the only people who can fix
>> the problem are Apple, and in both cases the fix is relatively easy.
>> I'd expect them to be fixed in 10.4.9.
> I expect lots of bugs I submit to them to be patched on my schedule...
> the fact of the matter is they will fix it when they feel like it.

That makes Apple sound completely irresponsible in security matters, which
is hardly accurate. I would be very surprised if they were not taking it
seriously, although that does not guarantee that they will be able to fix it
in time for the next update. Only time will tell.

However, I am a little puzzled at how what has been reported so far is
viewed as an exploitable and critical security flaw. That seems to me to
ignore user behaviour.

Users download .dmg files in order to mount them and install their contents.
They don't download them to view them in a movie viewer, or to ornament
their desktops. *If* someone were to exploit the current bug, then they
would hit the user immediately after the download was complete, when the
.dmg was mounted, with a payload that (if they could exploit beyond a panic)
would need to be fairly carefully crafted.

.dmg files tend to contain one of two things: an installer package, which
users almost invariably double-click without a second thought, or separate
applications and supporting files, which users almost invariably copy
straight to their startup disks and run.

I'm obviously being stupid, but wouldn't it be far easier and give much
greater scope to put a trojan into an installer package or as a
ready-to-copy application, in a .dmg file, rather than faff around with the
intricacies of an undocumented file format and the chances of exploiting
this bug successfully?

I'm not saying that the bug isn't a significant vulnerability, or that it
does not need to be fixed, but wouldn't successful exploitation of it be
perversely and wholly unnecessarily complex?

Howard.

Dr Howard Oakley
The Works columnist for MacUser magazine (UK)
http://www.macuser.co.uk/
http://www.howardoakley.com/

Copyright 2009, SecurityFocus