News | Forum | Free Software | Online Scanners | Tutorials - HowTo
1. Been infected with spyware? Tell us about your problem.
2. Protect your PC from viruses, spyware.
3. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware

Mac OS X File Association Meta Data Shell Script Execution

Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the “__MACOSX” folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment.

This can also be exploited automatically via the Safari browser when visiting a malicious web site.

Secunia has constructed a test, which can be used to check if your system is affected by this issue.

February 23, 2006 on 12:41 am | In Exploits & Vulnerabilities | |
Submit to: Digg | SlashDot | Del.icio.us

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 4 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a


MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds. Valid XHTML and CSS. ^Top^