Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Another (nasty) OS X vulnerability

February 20th 2006 in Uncategorized

Richard Harper spotted this little nasty and sent a heads-up to a mailing list I monitor…


http://www.heise.de/english/newsticker/news/69862


“The demo attempts to open a Terminal window to display the contents of a folder.  If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user. At this point, no web pages are known to misuse this vulnerability. However, this could change quickly.”


Cross-reference – Mac OS X viruses disclosed:
http://msmvps.com/blogs/spywaresucks/archive/2006/02/17/83978.aspx


 

