A serious vulnerability in Apple Mac OS X could allow hackers to run malicious code if users simply visit a website, security experts have warned.
The news of the vulnerability follows the discovery of two worms targeting the Mac OS X (version 10.4) operating system, as Mac users begin to face security threats that are more often associated with Windows.
The vulnerability was first thought to be due to a feature in Apple’s Safari web browser – Open Safe Files – which is activated by default when downloading. A zip file would be considered “safe” and automatically opened.
“Subsequently, a shell script with no #! at the beginning of the script will be executed automatically,” security experts from the
SANS Internet Storm Centre warned.
“This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.”
In updates, SANS later added: “This actually looks more serious then we initially thought.” Disabling the Open Safe Files feature would prevent Safari from automatically executing a malicious file, “but it looks like your machine is still vulnerable and it doesn't need Safari to run this file at all”.
Citing German security experts Heise, SANS reports that Apple’s Mail application is also vulnerable. “The attacker doesn't need to send a ZIP archive; the shell script itself can be disguised to practically anything,” SANS added.
It advised Mac users to disable the Open Safe Files function in Safari and use alternatives to Mail, such as the open source Mozilla Thunderbird.