Leopard
The vulnerability lies in the way Mail handles image attachments

Mac Mail flaw resurfaces in Leopard

Flaw allows code to masquerade as images

Shaun Nichols in California

vnunet.com, 21 Nov 2007

Researchers have reported a vulnerability in Apple's Leopard operating system that the company had already patched.

Heise Security said in a news posting that it had found the flaw in Apple's Mail application.

Advertisement

The vulnerability lies in the way Mail handles image attachments. An attacker could take executable code and rename it as a .jpg file. Mail would then run the code without the user even being aware that an application had been started.

This could allow an attacker to distribute malicious code to users disguised as an image attachment.

Heise Security said that, while the unpatched vulnerability is unique to Apple's latest operating system, it is hardly new.

Apple patched the same flaw for Leopard's predecessor, MacOS 10.4 Tiger, in early 2006. When a user attempts to open the attachment in Tiger, a warning is displayed that the file is an executable and not an image.

"Apple apparently either did not incorporate this update into Leopard, or did not do it correctly," said Heise Security.

The security firm has set up a webpage which sends the user an email to test for the vulnerability.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Mac OS X Leopard

Apple fixes Leopard firewall

New update addresses security issues

Trojan horse

Mutant Trojans threaten Mac users

Malware authors tweaking payload, say researchers

Mac Trojan attack gathers steam

OS X attack being served up with PC malware

Phishing Trojan targets Mac OS X

Fake codec delivers Mac malware

Related whitepapers

Related jobs

Most watched

Social networking

Summit: How businesses should manage their brands online

In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies

RIM discusses new developer tools

Blackberry exec on the latest offerings for programmers

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Alcatel-Lucent logo

Summit: Networks swamped by information overload

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

EU flag

Breach notification laws get green light

Privacy rights strengthened in Europe

Richard Thomas

Summit: Richard Thomas advises on handling the data deluge

Former Information Commissioner speaks out on government databases and data...

oracle sun

War of words escalates between EU and Oracle

Commission comes out fighting after criticism from Oracle and Washington

Primary Navigation