Apple Mac OS X Disk Images Component Mounting 'bzip2' Image Remote Code Execution Vulnerability

Apple Mac OS X is prone to a remote code-execution vulnerability because the Disk Images component fails to properly handle 'bzip2' compressed disk images.

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

The following are vulnerable:

Mac OS X 10.5.8
Mac OS X Server 10.5.8
Mac OS X 10.6 through 10.6.2
Mac OS X Server 10.6 through 10.6.2

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.


Copyright 2010, SecurityFocus