Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered a memory corruption vulnerability in PowerISO’s handler that deals with DMG files.
PowerISO is a CD/DVD/BD image file processing tool, which allows users to open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with an internal virtual drive. Recent versions provide support for Apple Disk Image file format, also known as DMG files. TALOS-2021-1308 (CVE-2021-21871) is a memory corruption vulnerability in PowerISO that could result in the attacker gaining the ability to execute code on the victim machine. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted DMG file.
Cisco Talos worked with PowerISO to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Although PowerISO has fixed this issue, they did not change the version number on the fixed release. Users should confirm that they are running PowerISO, version 7.9 with the most recent bug fixes.
The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 57728 and 57729. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.