February 21st, 2006
Critical Mac OS X zero-day exploit
ZDNet’s George Ou has posted some details about a scary new Mac OS X exploit that takes advantage of Safari. Unlike the relatively benign OSX.Leap.A worm which emerged last week this exploit is a major security hole because it requires no user interaction.
Heise online is reporting that a new critical vulnerability for Mac OS X has been discovered and it appears to have ramifications beyond the Safari brows. The problem is severe because a user simply needs to visit a malicious website and shell scripts with launch with zero user interaction!
Here is an excerpt from Heise online:
You can determine whether your system is vulnerable by using this online demonstration provided by Heise Security. The demo attempts to open a Terminal window to display the contents of a folder. If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user. At this point, no web pages are known to misuse this vulnerability. However, this could change quickly.
Click through to George Ou’s blog posting today for a temporary workaround to protect yourself if you use Safari on Mac OS X.
Jason D. O'Grady is the editor of PowerPage.org, which has been publishing daily mobile technology news since December 1995. For disclosures on Jason's industry affiliations, click here or to view Jason's full profile click here.
Subscribe to The Apple Core via Email alerts or RSS.
