A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service.
Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file. According to Apple security document 305214 :
An integer overflow vulnerability exists in the handler for AppleSingleEncoding disk images. By enticing a local user to open a maliciously-crafted disk image, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of AppleSingleEncoding disk images.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The crafted AppleSingleEncoding disk image may be supplied on a webpage or in email for the victim to select, or by some other means designed to encourage them to mount the exploit file.
Do not open untrusted Apple disk images
This vulnerability was reported in Apple Security Update 2007-003.
This document was written by Chris Taschner.
|Date First Published:||2007-03-16|
|Date Last Updated:||2007-03-16 12:41 UTC|