DMG security flaw

Security firm Secunia has posted an advisory about a potential Mac OS X UDIF Memory Corruption Vulnerability. The bug was discovered as part of the “Month of Kernel Bugs” (MOKB) campaign, which aims to expose a new Mac OS X flaw every day of the month. How nice.
Here’s the deal: The bug is packaged as a corrupt disk image (.dmg file). Safari’s default behaviour for a downloaded disk image is to mount it, and mounting the malformed image can crash even a fully patched Mac running OS X 10.4.8 or let an attacker gain control of the system.
Because it’s part of the MOKB campaign and an exploit that actually works on a Mac, it’s being blown out of proportion a bit, I think. MacWorld’s Peter Cohen and Rob Griffiths ask just how serious this flaw is.
Keep in mind, however, that whenever you download and install anything (from a disk image or not), you’re trusting the author of the code on that disk image — especially if it requires you to run an installer or asks for your admin password.
So the solution is to practice safe sex computing. Don’t simply take candy from strangers and don’t simply open weird .dmg files. Also, disable Safari’s opening of safe files:
- Open Safari
- Open “Preferences” under the “Safari” menu
- Click on the “General” tab at the top
- Un-check the “Open ‘safe’ files after downloading” box
- Close Safari’s preferences
Till next time boys and girls, take care and stay safe!

