From what I hear this is the shizzle for killing a Mac:
Mac OS X fails to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors), leading to an exploitable denial of service condition. Although it hasn’t been checked further, memory corruption is present under certain conditions (in this particular case, unlikely to allow arbitrary code execution).
This issue probably exists in FreeBSD as well, although it can’t be trigerred in the same manner. Thus, a future MoKB release will cover related filesystem bugs verified for FreeBSD.
This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for ‘opening “safe” files after downloading’.
The following DMG image can be used to reproduce the bug: MOKB-21-11-2006.dmg.bz2bunzip2 MOKB-21-11-2006.dmg.bz2 && hdiutil attach MOKB-21-11-2006.dmg
For Safari users feeling lucky, at: MOKB-21-11-2006.dmg
Nice one there MoKB!!
BTW – Anyone interested in haxxxoring the Mac OS should probably get this app for their Mac: Apple Xcode