Showing posts with label dmg. Show all posts
Showing posts with label dmg. Show all posts

Wednesday, November 22, 2006

Alert on MOKB-20-11-2006: Being exploited in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 wild?

I've been contacted by a Mac OS X user about a DMG image being distributed as a supposed 'cracked' version of some software, although it contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 'shareware' (demonstration, time-limited) version available from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vendor website.

Without furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r investigation, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are no reasons to think it might be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same bug as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one published in MOKB-20-11-2006. A first look over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hexdump of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 file shows that it actually contains corrupted data, yet keeping certain sections of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 DMG format itself.

There's no security update from Apple right now, thus I would like to strongly recommend a higher level of caution. Don't download DMG files, don't get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m off untrusted sources (ex. P2P networks) and disable cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Safari feature for opening this kind of files after downloading (via Preferences -> General -> Open 'safe files' after download).

Due to time limitations, research of this issue might overlap with today's release, leading to a short delay.

Tuesday, November 21, 2006

MOKB-21-11-2006: Mac OS X Apple UDTO HFS+ Disk Image Denial of Service (1)

Mac OS X fails to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors), leading to an exploitable denial of service condition. Although it hasn't been checked furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, memory corruption is present under certain conditions (in this particular case, unlikely to allow arbitrary code execution).

Monday, November 20, 2006

MOKB-20-11-2006: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption (1)

Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.