Overview
A vulnerability has been reported in the default "disk://" protocol handler installed on Apple Mac OS X systems. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report.
Description
A vulnerability has been reported in the Apple Mac OS X default "disk://" URI Handler. If able to entice a user to visit a foreign web site, a remote attacker may potentially be able to download any arbitrary file to a known location on the local system. If the file is a disk image (".dmg"), it could be automatcially mounted as a disk volume available for use by an attacker. A separate vulnerability, VU#578798, has also been reported which may allow a remote attacker to execute arbitrary application files contained within a mounted disk image. Browser or applications supporting "disk://" URIs. |
Impact
A remote attacker may be able to download arbitrary files to a known location on a potentially vulnerable system. |
Solution
Security Update 2004-06-07 has been released for the following system versions:
This update removes the "disk://" URI handler. |
According to the posting on Secunia, implementing all three of the following steps may mitigate this vulnerability: |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Kang for reporting this vulnerability.
This document was written by Jason A Rafail of CERT/CC and is based on information from Secunia.com and SecurityTracker.com.
Other Information
| CVE IDs: | None |
| Severity Metric: | 18.00 |
| Date Public: | 2004-05-17 |
| Date First Published: | 2004-05-21 |
| Date Last Updated: | 2006-05-01 19:31 UTC |
| Document Revision: | 10 |