PC Pro News: Vulnerability discovered in Mac OS X and Safari 11:48AM
Tuesday 21st February 2006

A vulnerability has been discovered in Mac OS X and Safari, which can be exploited to severely compromise a user's system. Secunia has rated the vulnerability as extremely critical.

The vulnerability is caused by an error in the processing of file association meta data (stored in the '__MACOSX' folder) in zip archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a zip archive. For instance a shell script that deletes your entire Home folder could be disguised as a jpeg and then 'hidden' inside a zip archive.

The vulnerability can be closed by turning off 'Open "safe' files after downloading' in Safari's preferences and by not opening any zip archives from untrusted or unknown sources. In addition, security is only compromised if you are working in Administrator (or root) mode. Security experts recommend only logging in as an Administrator when necessary - to install software for instance - and creating a non-admin account for day-to-day work.

For more information on the vulnerability see Secunia Advisory SA18963 (http://secunia.com/advisories/18963/)

And another one. Seems to a concerted attack on the mac OS.

SAN FRANCISCO, California (Reuters) -- A new computer worm targeting Apple Computer Inc.'s Macintosh computers has been identified for the second time in one week, security experts said. The new worm, called OSX.Inqtana.A, spreads through a vulnerability in Apple's OS X operating system via Bluetooth wireless connections, antivirus company Symantec said.

"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X ... illustrate this emerging trend," said Vincent Weafer, senior director at Symantec Security Response.

The latest virus follows OSX/Leap-A, which was identified last week and believed to be the first such virus targeting the Mac platform. That worm attempts to spread via Apple's iChat instant messaging program, which is compatible with America Online's popular AIM instant messaging program. (Full story)

Symantec said the latest worm attempts to use Bluetooth connections to spread by searching for other Bluetooth-using devices that will accept requests for a connection when the computer is restarted. The worm spreads via a vulnerability in the OS X operating system called the Apple Mac OS X BlueTooth Directory Traversal Vulnerability. If a Bluetooth connection is made, the worm attempts to send itself to those remote computers. However, the worm itself does not appear to pose an immediate threat.

"While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage," Weafer said, adding that Mac users should install available software patches to their operating systems to prevent such attacks.

The latest worm was identified Friday. Both worms are ranked a Level 1 threat on a scale of 1 to 5, with 5 being the most severe, Symantec said.

http://www.wired.com/news/columns/0,70257-0.html?tw=rss.technology

Nothing to worry about, yet.