Disk image flaw found on Mac OS X

A vulnerability in the way Macs handle the disk image (.dmg) format could allow a system to be compromised by a remote attacker, according to the latest post by the Month of Kernel Bugs (MoKB) Project.

The flaw occurs in the function responsible for opening disk images and could be exploited remotely if an attacker crafts a malformed image, places it on a Web server, and then convinces a Mac user to click on a link, according to an advisory on the MoKB Web site. The default configuration for Apple's Safari Web browser allows "safe" files to be opened after downloading.

Apple has come under increasing scrutiny by vulnerability researchers. The latest bug is the third issue disclosed by the MoKB Project, which included a significant vulnerability in older drivers for Apple's wireless Airport network hardware. A recent report by Symantec, the owner of SecurityFocus, noted an increased focus among researchers on developing exploits for Mac OS X flaws.

Safari users can protect themselves from the issue by deactivating the opening "safe" files after downloading preference setting.