Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mac OS X Suffers From "Critical" Flaw

Several security companies warned users of a critical vulnerability in Apple Computer's OS X Tuesday that could let attackers cripple a Mac simply by duping them into visiting a malicious Web site.

Apple confirmed the vulnerability hours later. "We're working on a fix so
that this doesn't become something that could affect customers," a spokesman
for the Cupertino, Calif.-based company said.

ZIP files are considered safe by OS X, but by tweaking the archive file, attackers could pack a ZIP with malicious scripts that the Mac would automatically run, said German firm Heise Security, one of the first to publish an advisory.

The bug, noted Heise, could be invoked without user interaction via the bundled Safari browser and its default setting of "Open Safe Files after downloading."

"Problems ensue if a shell script is stored into a ZIP archive without the so-called 'shebang line,'" wrote Heise in its advisory. "If this line is omitted, Safari no longer recognizes the content as potentially dangerous and executes shell commands without a confirmation prompt."

  • 1