Please visit the new Mac-Forums Facebook page:
https://www.facebook.com/macforums1




Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    New Serious flaw found on OSX
    Kyomii's Avatar
    Member Since
    Nov 12, 2004
    Location
    Lancashire, UK
    Posts
    356
    Your Mac's Specs
    MacMini DC 1.66, Powerbook G4
    Rep Power
    15
    New Serious flaw found on OSX
    http://isc.incidents.org/diary.php?storyid=1138

    Thoughts? I understand the first part, but can someone explain the second part please of how this still makes a machine vulnerable without needing Safari?

    I ask this because surely the user would have to decompress the file to begin with, and if the file is from a suspicious/malicious site, then a user would not choose to unzip it ?

    Also, does OSX not give you a warning when you are unzipping a file if there are commands in it?
    Fondest regards, Kyomii

    My Snapshots

  2. #2
    New Serious flaw found on OSX
    EDIT-XTREEM's Avatar
    Member Since
    Jun 27, 2005
    Location
    In the mac store and at home on my iMac
    Posts
    1,165
    Rep Power
    15
    thats terrible i bet apple will fix it sooner rather than later
    Mac Pro (Early 2009) 8 Core 2.26 GHz, 6 GB Ram, 640 GB Drive. Dell 2408WFP.

  3. #3
    I tried it with Shiira, it landed on my desk top.. In safari I unchecked this box a long time ago, it stops the automatic opening of a file.

  4. #4
    New Serious flaw found on OSX
    Kyomii's Avatar
    Member Since
    Nov 12, 2004
    Location
    Lancashire, UK
    Posts
    356
    Your Mac's Specs
    MacMini DC 1.66, Powerbook G4
    Rep Power
    15
    Quote Originally Posted by jram
    I tried it with Shiira, it landed on my desk top.. In safari I unchecked this box a long time ago, it stops the automatic opening of a file.

    Yes, I agree. I always have mine unticked too. However, they are saying, even if it is unchecked in Safari that it still presents a serious risk in the updated part, as it does not require Safari to run.

    Just wanted to know in layman's terms what they are trying to say in the second part of the report as I can see the vulnerability, but the method behind it (having to uncompress a suspect file) is unlikely to happen too much - unless users are in the habit of uncompressing suspect files perhaps?
    Fondest regards, Kyomii

    My Snapshots

  5. #5
    I really don't understand, but I just clicked on a link that is suppose to be a demo of the exploit.. It didn't open, are you saying it doesn't have to open??

  6. #6
    Kokopelli
    Guest
    This is just a reflection of Safari autohandleing certain file types automatically near as I can tell.

    This was corrected for default behavior with the whole widget fiasco. If someone has safari (or other app) set to autohandle the file there is a risk. Further as near as I can tell you can have a script autorun on unzipping of the file, this might not be the wisest of things to allow a zip file to do without warning. If that is the case then it is "as designed" but is a potential problem.

  7. #7
    JunMacTech
    Guest
    You guys are missing the severity of this:

    Taken from link:
    When this script was stored in a ZIP archive, Mac OS X will add a binary metadata to the archive. This file determines what will be used to open the main file in the archive, regardless of the extension or symbol displayed in the Finder.
    This has nothing to do with safari. Malicious files can be disguised to appear like any file that the mean ol destructor of the mac omniverse desires. One simple way to guard from this is to stick to column view. The nice little preview window will tell you what app is associated with the file, regardless of name and extension.

  8. #8
    New Serious flaw found on OSX
    PowerBookG4's Avatar
    Member Since
    Jan 08, 2005
    Location
    New Jersey
    Posts
    6,188
    Your Mac's Specs
    Mac Pro 8x3.0ghz 12gb ram 8800GT , MBP 2.16 2GB Ram 17 inch.
    Rep Power
    20
    Quote Originally Posted by JunMacTech
    This has nothing to do with safari. Malicious files can be disguised to appear like any file that the mean ol destructor of the mac omniverse desires. One simple way to guard from this is to stick to column view. The nice little preview window will tell you what app is associated with the file, regardless of name and extension.
    I believe this to be correct in some ways, although they are saying that it can be applied in any file format, they are saying it is launched through safari. If you acces this file in any other way (ie. through mail or an im transfer) then you will have to execute it yourself, which is not much of a threat because you should know how your computer works and how it should handle certainf file types.. you are correct that a good way to protect yourself is to use column veiw but an other good way to protect yourself would be to enbable file extentions in finder so you can see what it is you are dealing with. It is very easy for somebody (like it already occured) to change the icon of an application to appear to be a jpeg.
    My Website
    Blog
    I love my hosting company!
    I was on the M-F honor roll for Febuary:2006

  9. #9
    JunMacTech
    Guest
    Quote Originally Posted by PowerBookG4
    If you acces this file in any other way (ie. through mail or an im transfer) then you will have to execute it yourself, which is not much of a threat because you should know how your computer works and how it should handle certainf file types..
    I agree that I know how my computer works, and that users SHOULD. Unfortunately for me, most of the users that I support do not. If it looks like a jpeg, they are going to open it. If they downloaded a "mp3" from a peer to peer network, they aren't going to pay attention to the fact that it is only 2KB. They are going to execute that file and execute the nice little script that deletes their home directory.

    I can show them how to protect themselves, the fact is they won't.

    I can lead the horse to water, **** I can toss it in. But unless I ram a feeding tube down it's throat or stick it with an IV, 90% of the time it's not going to take a drink.

  10. #10
    Tiranis
    Guest
    Hmm... I agree with JunMacTech, but the problem here is: how do you "fix it"? First, Apple has to keep the support for custom icons on all files—there would be many complaints if they didn't, so now what do you do? I, honestly, have no idea. :-\

  11. #11
    New Serious flaw found on OSX

    Member Since
    Mar 30, 2004
    Location
    USA
    Posts
    4,744
    Your Mac's Specs
    12" Apple PowerBook G4 (1.5GHz)
    Rep Power
    23
    Quote Originally Posted by Tiranis
    Hmm... I agree with JunMacTech, but the problem here is: how do you "fix it"? First, Apple has to keep the support for custom icons on all files—there would be many complaints if they didn't, so now what do you do? I, honestly, have no idea. :-\
    Other people have suggested that the Finder should attach a "badge" (a small overlaid icon, like the arrow on an alias) to every executable. This would have to include applications and Terminal documents (like the shell script in the proof-of-concept) at a minimum, and perhaps AppleScripts. No matter what icon you paste onto the file, the badge would appear over it.

  12. #12
    Badger
    Guest
    The code activates and runs in the Terminal; it does not run in Safari. Deselecting the open safe files option does not prevent downloading the malicious file; it only prevents it from being automatically opened. And it does not stop Mail or other programs from opening the file. You can prevent the code from running by simply renaming the Terminal to something else like myTerminal. Macintouch has posted a link to a non-harmful example to test your system.

  13. #13
    New Serious flaw found on OSX
    PowerBookG4's Avatar
    Member Since
    Jan 08, 2005
    Location
    New Jersey
    Posts
    6,188
    Your Mac's Specs
    Mac Pro 8x3.0ghz 12gb ram 8800GT , MBP 2.16 2GB Ram 17 inch.
    Rep Power
    20
    It would be productive to do that, but how many people who want to make their own applicatoin with their own icon would get annoyed by the fact that there is going to be a badge over it?
    My Website
    Blog
    I love my hosting company!
    I was on the M-F honor roll for Febuary:2006

  14. #14
    JunMacTech
    Guest
    Quote Originally Posted by Badger
    The code activates and runs in the Terminal; it does not run in Safari. Deselecting the open safe files option does not prevent downloading the malicious file; it only prevents it from being automatically opened. And it does not stop Mail or other programs from opening the file. You can prevent the code from running by simply renaming the Terminal to something else like myTerminal. Macintouch has posted a link to a non-harmful example to test your system.
    Interesting, I had read that renaming these apps could break other things...?

  15. #15
    JunMacTech
    Guest
    Quote Originally Posted by JunMacTech
    Interesting, I had read that renaming these apps could break other things...?
    Ok, here is what I did.

    Renamed /applications/utilities/Terminal.app
    to _Terminal.app

    Create a workflow containing:
    Ask for Confirmation
    Launch Application

    In the Ask for Confirmation, say something like Are you sure you wish to launch the Terminal? Give the security reasons why.

    Launch application - > Point to _Terminal.app

    Save the workflow as an application called Terminal.app in /applications/utilities

    Now whenever /applications/utilities/Terminal.app is called, it will request your permission.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 03-21-2013, 10:28 AM
  2. Another lockscreen passcode flaw found in Apple's iOS 6.1
    By OneMoreThing... in forum Apple Rumors and Reports
    Replies: 0
    Last Post: 02-25-2013, 05:20 PM
  3. Major Mac Computer Security Flaw Found
    By bobross in forum macOS - Operating System
    Replies: 6
    Last Post: 09-02-2009, 09:00 PM
  4. iBook design flaw found
    By Kilted1 in forum Apple Rumors and Reports
    Replies: 7
    Last Post: 05-13-2007, 03:44 PM
  5. Critical Flaw Found in Firefox
    By IChing in forum macOS - Operating System
    Replies: 0
    Last Post: 05-09-2005, 06:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •