22 Feb 2006, Tom Sanders in California, V3
A new critical threat to Apple's OS X operating system has surfaced that could allow attackers to compromise systems without any user interaction.
The flaw affects the way OS X handles metadata for Zip archives. The application considers the files to be safe and will automatically open them, allowing attackers to embed script code that the OS will execute without the user's knowledge.
Attackers could exploit the vulnerability to install software such as spyware or rootkits.
A system could become infected when users visit specially crafted websites or when saving any infected Zip archive. The attack requires no user interaction and uses the Terminal application, which is the OS X command shell.
Users of older versions of the operating system will first receive a warning asking whether they wish to execute the applications, but Apple removed this feature in the current 10.4 version of the operating system.
Security firm Secunia gave the flaw its highest rating of 'extremely critical', and said in an advisory that users can neutralise the threat by disabling the auto-run feature in the Safari browser.
But the SANS Internet Storm Center later issued a warning that this workaround will not fully protect users.
"This actually looks more serious than we initially thought," wrote Bojan Zdrnja, a volunteer with the SANS ISC.
"The [Secunia] workaround will prevent Safari from automatically executing the file, but it looks like your machine is still vulnerable and it doesn't need Safari to run this file at all."
German security website Heise.de offers a demonstration of how an email is able to exploit the flaw.
Pending the release of a security update by Apple, Zdrnja urged users to move the Terminal application to a different folder and not open any files from untrusted sources.
It is against common security practice for researchers to publish details about software flaws before a patch has been issued.
But bug hunters in some cases go public prematurely when they believe that a flaw is being exploited, or when a vendor fails to respond to their attempts to file a report about the flaw.
Apple did not immediately return a request for comment, but is said to be working on a patch.
The latest vulnerability follows reports last week about two OS X worms, Leap-A and Inqtana, that seem to indicate that the operating system is becoming a more attractive target for hackers and online criminals.
Do you agree?
About time
Finally these people will might that their OS is not perfect. In the past there have not been many viruses for Mac simply because no one cared enough about the Mac to write them.
Posted by Mark, 22 Feb 2006
WHOA (Sarcasm)
OMFGBBQ they found a flaw in the OS X. Still have like a 1 to 1000 ratio with Windows, last I checked the Virus Ratio is 2 to 700,000. WHOA! Better go buy me a DELL. Dude, I got a DELL! Dude, my DELL crashed! Dude, STFU already.
Posted by Macfan23433, 23 Feb 2006
Can't tell the difference between the OS and browser?
The bug is in Safari, not OS X. While Safari is Apple's browser of choice, it isn't part of the OS, and many users don't run it.
If you can't tell the difference between an operating system and an application, you probably shouldn't be reporting on technical issues.
Posted by keith bierman, 23 Feb 2006