Zero Day Exploit Hits Apple's OS X
By Sean Michael Kerner
February 21, 2006
Apple Mac OS X users may be at risk from an "extremely critical" vulnerability that remains un-patched.
The apparent zero-day exploit comes as OS X users on the heels of recent reports that's Apple Mac users are now being targeted by worm writers
Danish security firm Secunia has rated the new flaw "extremely critical."
The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles file association meta data found in ZIP archives. Arbitrary commands could potentially be executed automatically via Apple's Safari web browser from a malicious site.
As of press time, Apple had not issued a patch or an advisory for the issue on its security update site. Just last week, Apple updated OS X to version 10.4.5.
Though there isn't a formal patch, there is a simple way to avoid infection. Secunia advises that Mac users disable the "Open safe files after downloading" option in Safari.
Secunia has also posted a link for users to test to see if they are at risk from the vulnerability.
The new security vulnerability comes as OS X is facing its first worms. CME-4, also known as Leap.A, appeared last week, spreading over Apple's iChat instant messaging system.
Security vendors including Symantec and Sophos reported over the weekend the discovery of OSX.Inqtana.A worm, which takes advantage of vulnerabilities in Apple's Bluetooth implementation.
"Viruses emerging for the Mac OS X platform is headline news for Apple fans, but they are currently posing far from the level of threat that Windows users face every day," said Graham Cluley, senior technology consultant for Sophos, in a statement.
"No one should panic, but this is an indication that hackers are showing an increased interest in targeting the platform."
The problem isn't Safari. If you download a correctly formed .zip file and run it manually, it will be triggered. This harmless example will show a listing of your home directory. It could equally delete your home directory. Open the zip file and look at the picture.
The problem is in the way OSX allows programs inzip files to hold onto custom program bindings. Basically, a shell script can be made to look like a jpg or mov, but run in Terminal when clicked.
To protect yourself, you can:
- rename Terminal.app to something else
- check all files you download with 'Get Info' before double-clicking.
Technically this is not a virus as it has no spreading mechanism.
AFAIK, older versions of OSX, all the way back to 10.0 have the same problem. Eariler versions of Safari won't automatically try to open the file, which is a marginal improvement on the situation. The basic vulnerability is still there: zip files hold onto custom bindings.
i'm wondering, what antivirus software (s) are you mac users using? i recently bought a macbook pro, and haven't installed any antivirus program for mac, but have in the meanwhile installed mcafee for the windows hd. any suggestion? much appreciated.
msarch- really? i've only got mine for 48 hours. and so far i can tell it's astoundingly fast & powerful, wayyy faster than my old toshiba satelite.
LIG- as you're the apple expert here, do mac users need to use antivirus software? mainly i'm using mac for safari, ms word, playing dvd/ music. for the heavy stuff such as rendering/ cadding/ games i use windows on my macbook pro.
Right now I have indesign, illustrator, photoshop, flash, dreamweaver, bridge, suitcase fusion, xcode, particleillusion, blender and safari (like 30 tabs), pages, quicktime, terminal, and acrobat.
Activity Monitor says 26.9MB/2.92GB used ... :\
the computer would be great if it wasn't for my psychotic looking dock. :)
You'll love your mbp, I've loved mine it just doesn't love the way I use it and gets very hot and tries to burn me. Best computer I've owned though, no question.
mgs- how does it try to burn you? i thought you're not supposed to put it on your lap as it does tend to get v. hot, like flat iron hot. but i heard from other forum, mbp doesn't get as hot as mb? i hope mbp never gets so hot to the point of melting its case or hard disc or other components...
Seriously though, I was just joking about the laptop trying to burn me. :)
i don't keep it on my lap 90% of the time, even when I do it doesn't burn me. Download SMCFanControl. I have kept mine at 6000 RPM since I got the mbp nov 2006. Although I've seen temp go past 90C nothing bad has ever happened. Of course I have applecare just in case but still having to give up my computer for 2 weeks would be bad.
So sketchy to jinx myself like this in the midst of applications .... time for a back up I think.
Don't worry too much about your MBP. Get that free AVG antivirus if lost suggested. If you're running windows on there I guess it's probably a good idea. Although, if I was running windows on here I'd just leave the network connection to parallels turned off. you just got a brand new mac, you wanna go and put windows on there!!!!! It would be awesome to have Catia though, I think that's the only program I would love that really doesn't have anything comparable for mac. (does it?)
One thing though, if you are new to macs I would also say you should really really really take the time to learn the rudimentary nonsense you just assume you know how to do. A lot of people get frustrated an their like because they think mac's are supposed to 'just work'. If you learn the keyboard shortcuts etc. you'll love your mbp a lot more and it's gonna save you a ton of time overall.
Zero Day Virus hits Mac OSX
Zero Day Exploit Hits Apple's OS X
By Sean Michael Kerner
February 21, 2006
Apple Mac OS X users may be at risk from an "extremely critical" vulnerability that remains un-patched.
The apparent zero-day exploit comes as OS X users on the heels of recent reports that's Apple Mac users are now being targeted by worm writers
Danish security firm Secunia has rated the new flaw "extremely critical."
The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles file association meta data found in ZIP archives. Arbitrary commands could potentially be executed automatically via Apple's Safari web browser from a malicious site.
As of press time, Apple had not issued a patch or an advisory for the issue on its security update site. Just last week, Apple updated OS X to version 10.4.5.
Though there isn't a formal patch, there is a simple way to avoid infection. Secunia advises that Mac users disable the "Open safe files after downloading" option in Safari.
Secunia has also posted a link for users to test to see if they are at risk from the vulnerability.
The new security vulnerability comes as OS X is facing its first worms. CME-4, also known as Leap.A, appeared last week, spreading over Apple's iChat instant messaging system.
Security vendors including Symantec and Sophos reported over the weekend the discovery of OSX.Inqtana.A worm, which takes advantage of vulnerabilities in Apple's Bluetooth implementation.
"Viruses emerging for the Mac OS X platform is headline news for Apple fans, but they are currently posing far from the level of threat that Windows users face every day," said Graham Cluley, senior technology consultant for Sophos, in a statement.
"No one should panic, but this is an indication that hackers are showing an increased interest in targeting the platform."
Link
Basically, dont use safari.
The problem isn't Safari. If you download a correctly formed .zip file and run it manually, it will be triggered. This harmless example will show a listing of your home directory. It could equally delete your home directory. Open the zip file and look at the picture.
The problem is in the way OSX allows programs inzip files to hold onto custom program bindings. Basically, a shell script can be made to look like a jpg or mov, but run in Terminal when clicked.
To protect yourself, you can:
- rename Terminal.app to something else
- check all files you download with 'Get Info' before double-clicking.
Technically this is not a virus as it has no spreading mechanism.
Thanks!
No prob. Here's hoping for a quick fix in Software Update!
is it a problem for older versions of osx also?
Just 10.4.5
Beg to differ.
AFAIK, older versions of OSX, all the way back to 10.0 have the same problem. Eariler versions of Safari won't automatically try to open the file, which is a marginal improvement on the situation. The basic vulnerability is still there: zip files hold onto custom bindings.
OS 9 might be safer.
god help us all. a black day for mac users in our ivory towers...
i'm wondering, what antivirus software (s) are you mac users using? i recently bought a macbook pro, and haven't installed any antivirus program for mac, but have in the meanwhile installed mcafee for the windows hd. any suggestion? much appreciated.
I've heard pretty good things about AVG, for both Mac and Windows people. It's free, and doesn't hog all your system resources the way Norton does.
my macbook pro is crawling as it is (c2d 2.33 3gb). ain't no windows or antivirus goin on here. ;)
i want a mac pro so bad .... 8 threads ....
msarch- really? i've only got mine for 48 hours. and so far i can tell it's astoundingly fast & powerful, wayyy faster than my old toshiba satelite.
LIG- as you're the apple expert here, do mac users need to use antivirus software? mainly i'm using mac for safari, ms word, playing dvd/ music. for the heavy stuff such as rendering/ cadding/ games i use windows on my macbook pro.
Right now I have indesign, illustrator, photoshop, flash, dreamweaver, bridge, suitcase fusion, xcode, particleillusion, blender and safari (like 30 tabs), pages, quicktime, terminal, and acrobat.
Activity Monitor says 26.9MB/2.92GB used ... :\
the computer would be great if it wasn't for my psychotic looking dock. :)
You'll love your mbp, I've loved mine it just doesn't love the way I use it and gets very hot and tries to burn me. Best computer I've owned though, no question.
so funny we revived this thread!! haha.
mgs- how does it try to burn you? i thought you're not supposed to put it on your lap as it does tend to get v. hot, like flat iron hot. but i heard from other forum, mbp doesn't get as hot as mb? i hope mbp never gets so hot to the point of melting its case or hard disc or other components...
Seriously though, I was just joking about the laptop trying to burn me. :)
i don't keep it on my lap 90% of the time, even when I do it doesn't burn me. Download SMCFanControl. I have kept mine at 6000 RPM since I got the mbp nov 2006. Although I've seen temp go past 90C nothing bad has ever happened. Of course I have applecare just in case but still having to give up my computer for 2 weeks would be bad.
So sketchy to jinx myself like this in the midst of applications .... time for a back up I think.
Don't worry too much about your MBP. Get that free AVG antivirus if lost suggested. If you're running windows on there I guess it's probably a good idea. Although, if I was running windows on here I'd just leave the network connection to parallels turned off. you just got a brand new mac, you wanna go and put windows on there!!!!! It would be awesome to have Catia though, I think that's the only program I would love that really doesn't have anything comparable for mac. (does it?)
One thing though, if you are new to macs I would also say you should really really really take the time to learn the rudimentary nonsense you just assume you know how to do. A lot of people get frustrated an their like because they think mac's are supposed to 'just work'. If you learn the keyboard shortcuts etc. you'll love your mbp a lot more and it's gonna save you a ton of time overall.
Download Blacktree's Quicksilver- really wonderful program.
Block this user
Are you sure you want to block this user and hide all related comments throughout the site?
Archinect
This is your first comment on Archinect. Your comment will be visible once approved.