[X-Unix] Security update for the PNG exploit
James Bucanek
subscriber at gloaming.com
Mon Aug 9 21:56:20 PDT 2004
PJ Bearstein wrote on Monday, August 9, 2004:
>Is the PNG exploit a proof of concept thingy? I don't see how a
>graphics format can allow malicious things to affect Macs.
Most buffer overflow type exploits can be used to execute malicious code. To fall victim, your system has to be in a position which allows a remote user the ability to upload, then render, a maliciously constructed PNG image.
Which isn't that hard. Someone could direct you to a web page that contained an infected PNG file. Or, they could e-mail you a bad PNG as an attachment, which would cause code to execute when you looked at it. Or, possibly use an infected PNG as an iChat icon....
Not too much of a big deal now, since the hole is already closed. But I can see how it could have been very serious.
--
James Bucanek <mailto:privatereply at gloaming.com>