Attack of the killer PNGs

Posted by deepquest on August 7, 2009 – 12:56 pm

Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image.

The ImageIO Framework, which helps Mac applications read and write popular image formats, was responsible for five of the image vulnerabilities. A color management interface known as ColorSync and a component known as ImageRAW were to blame for the other two. The vulnerabilities create an ideal scenario for attackers, who could use specially manipulated PNG, OpenEXR and RAW files to remotely execute malicious code on the machines of oblivious users.

The flaws are the result of unitialized memory errors, unitialized pointer issues and heap, stack and integer overflows. Other patches fixed code-execution vulnerabilities in the OS X kernel, login window and other components in the OS.

from The Register

Tags: Apple, osx
This post is under “Apple, Security” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Hackers expose weakness in visiting trusted sites Linux Kernels vulnerability since 2001 (and still working) »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Attack of the killer PNGs

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL