Computer Crime Research Center


Apple Mac OS flaw

Date: February 22, 2006

Security firm Secunia on Tuesday documented a possible exploit in Apple’s Safari Web browser that the company describes as “extremely critical.” Secunia calls the exploit Mac OS X “__MACOSX” ZIP Archive Shell Script Execution, and advises Mac users to take simple action to avoid the problem. Apple confirmed it’s working on a fix.

A preference setting in the Safari Web browser can lead to the execution of a malicious shell script, renamed to a “safe” extension in a ZIP archive, according to the security alert.

That preference allows the Mac to automatically open “safe” files after downloading them. So-called safe files include movies, pictures, sounds, PDF and text documents, disk images and other archives.

If a shell script is renamed to appear as a “safe” extension to Safari, systems that have this preference turned on can automatically execute the script — and this can be exploited by someone with malicious intentions, according to Secunia.

“Apple takes security very seriously,” said an Apple spokesman. “We’re working on a fix so that this doesn’t become something that could affect customers. Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust.”
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo