ORAC
21st Feb 2006, 11:53
PC Pro News: Vulnerability discovered in Mac OS X and Safari 11:48AM
Tuesday 21st February 2006
A vulnerability has been discovered in Mac OS X and Safari, which can be exploited to severely compromise a user's system. Secunia has rated the vulnerability as extremely critical.
The vulnerability is caused by an error in the processing of file association meta data (stored in the '__MACOSX' folder) in zip archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a zip archive. For instance a shell script that deletes your entire Home folder could be disguised as a jpeg and then 'hidden' inside a zip archive.
The vulnerability can be closed by turning off 'Open "safe' files after downloading' in Safari's preferences and by not opening any zip archives from untrusted or unknown sources. In addition, security is only compromised if you are working in Administrator (or root) mode. Security experts recommend only logging in as an Administrator when necessary - to install software for instance - and creating a non-admin account for day-to-day work.
For more information on the vulnerability see Secunia Advisory SA18963 (http://secunia.com/advisories/18963/)
Tuesday 21st February 2006
A vulnerability has been discovered in Mac OS X and Safari, which can be exploited to severely compromise a user's system. Secunia has rated the vulnerability as extremely critical.
The vulnerability is caused by an error in the processing of file association meta data (stored in the '__MACOSX' folder) in zip archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a zip archive. For instance a shell script that deletes your entire Home folder could be disguised as a jpeg and then 'hidden' inside a zip archive.
The vulnerability can be closed by turning off 'Open "safe' files after downloading' in Safari's preferences and by not opening any zip archives from untrusted or unknown sources. In addition, security is only compromised if you are working in Administrator (or root) mode. Security experts recommend only logging in as an Administrator when necessary - to install software for instance - and creating a non-admin account for day-to-day work.
For more information on the vulnerability see Secunia Advisory SA18963 (http://secunia.com/advisories/18963/)