All the latest UK technology news, reviews and analysis
|
|
|
12 Jan 2007
Security researchers have posted exploit code for a Mac OS X vulnerability that runs through Apple's Safari web browser.
A successful exploit could allow for remote code execution, according to the original posting of the vulnerability. Security firm Secunia gave the vulnerability its second-highest rating of 'highly critical'.
The vulnerability was disclosed by a security researcher known only as 'LMH' as part of the Month of Apple Bugs project which aims to disclose a new Mac OS vulnerability every day in January.
The exploit uses a default feature in Safari originally designed to streamline the download and launch of files.
By default, Safari allows for several types of files to be opened automatically, including disk image (.dmg) files which are often used to compress applications for download.
The vulnerability lies in the way Mac OS X processes disk images. A specially crafted .dmg file could cause an application crash that would leave the attacker free to execute malicious code.
The vulnerability can be mitigated by turning off the 'Open safe files after downloading' option in Safari's preference panel, according to Secunia.
'LMH' released code for a similar exploit in November which also used the 'Open safe files' feature in Safari to launch .dmg files that targeted another vulnerability in OS X.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Inside Sales / IT Sales / Business Development / Fluent...
Title: Senior Web Developer / Engineer (HTML, JavaScript...
Job Title: Java Developer (J2SE / JEE) Salary: up to...
Job Title: Agile Test Manager Salary: up to 55k per...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Old news and not really a problem
The "open safe" feature was turned off by default after this issue came up like a year ago. Now people need to tell safari that they want it to automatically open files. If people choose to open a random file, no level of security can stop it. ie: if I'm logged in as admin, download a file called thiswillformatyourmac, let it run and it wipes my hard drive, that's not really a flaw in the software.
Posted by: Stu 12 Jan 2007