A vulnerability has been reported in the default "disk://" protocol handler installed on Apple Mac OS X systems. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report.
A vulnerability has been reported in the Apple Mac OS X default "disk://" URI Handler. If able to entice a user to visit a foreign web site, a remote attacker may potentially be able to download any arbitrary file to a known location on the local system. If the file is a disk image (".dmg"), it could be automatcially mounted as a disk volume available for use by an attacker. A separate vulnerability, VU#578798, has also been reported which may allow a remote attacker to execute arbitrary application files contained within a mounted disk image.
Browser or applications supporting "disk://" URIs.
A remote attacker may be able to download arbitrary files to a known location on a potentially vulnerable system.
Security Update 2004-06-07 has been released for the following system versions:
* Mac OS X v10.3.4 "Panther" * Mac OS X Server v10.3.4 "Panther" * Mac OS X v10.2.8 "Jaguar" * Mac OS X Server v10.2.8 "Jaguar"
According to the posting on Secunia, implementing all three of the following steps may mitigate this vulnerability:
1) Uncheck ("Open 'safe' files after downloading");
2) Change the protocol helpers (applications) for URI handlers which are not required, e.g., disable the "help://" handler;
3) Add a separate protocol helper (application) for "disk".
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Vendor has issued information
__ Sort by: Status Alphabetical
Affected Unknown __ Unaffected
Updated: May 21, 2004
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | | N/A
Thanks to Kang for reporting this vulnerability.
This document was written by Jason A Rafail of CERT/CC and is based on information from Secunia.com and SecurityTracker.com.
CVE IDs: | None
Severity Metric:** | 18.00
Date Public: | 2004-05-17
Date First Published: | 2004-05-21
Date Last Updated: | 2006-05-01 19:31 UTC
Document Revision: | 10