Sophos Explains the Crazy “FILE” Bug in OS X 10.8

OS X Mountain Lion apps crash every time if you type File, colon, ///

A newly emerged bug in Apple’s Mountain Lion operating system causes most applications to crash if you type File, colon, followed by three slashes. Sophos explains why the crash occurs and how to patch it until Apple releases its official fix.

This article can’t include the actual string of characters (pictured left) since it will crash the very app used to write the story on (Bean). We also wouldn’t want to crash your web browser or RSS feed, if you’re reading this on Mountain Lion.

This is actually a tip from Paul Ducklin, a security expert at Sophos who decided to offer a lowdown of the “FILE” bug in a post on the company’s NakedSecurity blog.

First off, Ducklin says the entire “file” can be written in caps. “…you just have to capitalise one or more of the letters,” he reveals. He then proceeds to explain.

“The trouble happens in a system library called DataDetectorsCore, which lots of applications use to recognise and act upon special content in a text window, such as URLs, telephone numbers and so forth.”

“Since the text string […] denotes a local, file-based URL, it's just the kind of text you'd expect Apple's data detector code to locate and react to,” Ducklin says.

He reveals that it’s not just a matter of typing the string, “but having it displayed in the first place.” The crash is then triggered by what programmers call an “assertion,” something that developers are encouraged to use to make their code resilient.

And Apple is using it across OS X apps which access a component called “DataDetectorsCore,” which is part of Apple's AppKit development libraries, according to Ducklin.

These apps include (but are not limited to), Safari, Mail, TextEdit, Messages, and many others.

“What was intended as a safety check can now be abused for a denial-of-service that is annoying at best,” Ducklin notes.

Check out the full analysis, complete with a fix that may not be for the faint-hearted.

Hot right now  ·  Latest news