Vulnerability discovered in OS X and Safari

By Justin Mann on
A security flaw has been discovered in Mac OS X that can result in a system being compromised, even if updated with the latest available patches. Secunia has posted a security advisory detailing the nature of the exploit, which stems from incorrect handling of meta data in various file types:

The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment.
It's also possible to become compromised just by visiting a particularly crafted site with false files, making this type of exploit rival similar ones found in IE and Windows. Hopefully a patch will be made available soon, and make sure to keep your OS updated.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.