A serious vulnerability in Apple Mac OS X could allow
hackers to run malicious code if users simply visit a website,
security experts have warned.
The news of the vulnerability follows the discovery of two worms
targeting the Mac OS X (version 10.4) operating system, as Mac
users begin to face security threats that are more often associated
with Windows.
The vulnerability was first thought to be due to a feature in
Apple’s Safari web browser – Open Safe Files – which is activated
by default when downloading. A zip file would be considered “safe”
and automatically opened.
“Subsequently, a shell script with no #! at the beginning of the
script will be executed automatically,” security experts from
the SANS Internet Storm Centre warned.
“This could be really bad. Attackers can run shell scripts on
your computer remotely just by visiting a malicious website.”
In updates, SANS later added: “This actually looks more serious
than we initially thought.” Disabling the Open Safe Files feature
would prevent Safari from automatically executing a malicious file,
“but it looks like your machine is still vulnerable and it doesn't
need Safari to run this file at all”.
Citing German security experts Heise, SANS reports that Apple’s
Mail application is also vulnerable. “The attacker doesn't need to
send a ZIP archive; the shell script itself can be disguised to
practically anything,” SANS added.
It advised Mac users to disable the Open Safe Files function in
Safari and use alternatives to Mail, such as the open source
Mozilla Thunderbird.
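
A defensive check for the disguise SANS describes, as an added example that is not from the article or from SANS: it flags ZIP members whose extension claims an image or PDF but whose leading bytes are plain text. The magic-byte table, the ASCII heuristic and the function names are assumptions made for illustration, and the sample archive is constructed.

```python
import io
import os
import zipfile

# Leading "magic" bytes for a few file types a user would expect to be inert.
# Assumption: this short table is illustrative, not a complete type database.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def looks_like_text(head):
    """Heuristic: non-empty and made only of printable ASCII plus tab/CR/LF."""
    return bool(head) and all(b in b"\t\r\n" or 0x20 <= b < 0x7F for b in head)

def audit_zip(data):
    """Return names of members whose extension claims a media type
    but whose content lacks that type's signature and reads as plain text."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            signatures = MAGIC.get(ext)
            if signatures is None:
                continue  # extension makes no media claim we can verify
            with zf.open(info) as fh:
                head = fh.read(512)
            if not head.startswith(signatures) and looks_like_text(head):
                flagged.append(info.filename)
    return sorted(flagged)

def build_sample():
    """Constructed archive: two genuine-looking members, one mismatched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("report.pdf", b"%PDF-1.4\nconstructed sample\n")
        zf.writestr("photo.jpg", b"constructed plain text, not image data\n")
        zf.writestr("notes.txt", b"plain notes\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_zip(build_sample()))
```

A check like this belongs on a mail gateway or download proxy, where a flagged member can be quarantined before any client decides whether it is "safe" to open.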