Network Computing is part of the Informa Tech Division of Informa PLC
Zero-Day Exploit Turns Up Heat On Mac OS X
An exploit for the recenty-disclosed zero-day vulnerability in Apple Computer's Mac OS X has gone public, security vendors said Thursday, increasing the risk that the bug will be used by attackers.
Code has been posted to the Metasploit Project site, which rolls out exploit modules for its Framework tool on a regular basis. The code targets the so-called "Safe file" flaw in Apple's Safari browser.
The exploit, which was crafted by someone identified as "HD Moore," who has been credited with other exploits posted for Metasploit's Framework, uses a malicious ZIP file containing a shell script.
"[This] targets a vulnerability in the Safari Web browser 'Safe file' feature, which will automatically open any file with one of the allowed extensions," said Symantec in a warning to customers of its DeepSight Threat Management System. "A malicious user may provide a crafted archive file which contains shellcode to be executed on the browser's system."
Symantec repeated advice from earlier this week that Mac administrators should disable the "Open Safe Files" feature in Safari.
Recommended For You
What skills do network managers really need to properly secure industrial networks? What new protocols, frameworks, and regulations are important? And what conferences and certifications can help? Here are five tips to get started.
A full-stack approach to retail edge offers retailers a way to optimize operations and adapt to changes in a post-pandemic world.
Network management tool sprawl is getting in the way of network management. It’s time for IT to do something about it.