Wednesday, November 22, 2006

Alert on MOKB-20-11-2006: Being exploited in the wild?

I've been contacted by a Mac OS X user about a DMG image being distributed as a supposed 'cracked' version of some software, although it contains the 'shareware' (demonstration, time-limited) version available from the vendor website.

Without further investigation, there are no reasons to think it might be the same bug as the one published in MOKB-20-11-2006. A first look at the hexdump of the file shows that it actually contains corrupted data, while retaining certain sections of the DMG format itself.

There's no security update from Apple right now, so I would like to strongly recommend a higher level of caution. Don't download DMG files, don't get them from untrusted sources (e.g. P2P networks), and disable the Safari feature that opens this kind of file after downloading (via Preferences -> General -> Open 'safe files' after download).

Due to time limitations, research into this issue might overlap with today's release, leading to a short delay.