Mac OS X Command Execution Vulnerability work-around
Haoli, the author of Saft, the popular plugin for Safari, has just released Saft Lite 3.0.0 for Mac OS X 10.4.4 and 10.4.5 and Safari 2.0.3. Saft Lite 3.0.0 is a free plugin that offers a work-around for the “Mac OS X Command Execution Vulnerability”.
Here are the details of the vulnerability:
The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the “__MACOSX” folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment.
This can also be exploited automatically via the Safari browser when visiting a malicious web site.
Please note that this is only a WORK-AROUND for Safari. The problem is in Mac OS X itself, and if the file is downloaded via Mail or other browsers, it can still damage your system when you double-click to “open” it. The best way to protect your system from this vulnerability is not to open files in archives or mail attachments originating from untrusted sources.
You can also check whether your system is affected by this issue.
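Before opening a downloaded archive, you can check it for the pattern the advisory describes. The following is an added example, not part of Saft or of the advisory: it lists ZIP members whose name has a safe-looking extension but whose content begins with a `#!` interpreter line, and reports whether `__MACOSX` metadata accompanies them. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumption: extensions a user would treat as harmless documents or media.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}

def sidecar_path(member):
    """Path where a ZIP made on Mac OS X stores a member's AppleDouble metadata."""
    directory, _, base = member.rpartition("/")
    prefix = "__MACOSX/" + (directory + "/" if directory else "")
    return prefix + "._" + base

def disguised_scripts(zip_bytes):
    """Return [(member, has_sidecar)] for safe-looking names holding a script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue  # skip the metadata folder and directory entries
            if os.path.splitext(name)[1].lower() not in SAFE_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                starts_with_shebang = fh.read(2) == b"#!"
            if starts_with_shebang:
                findings.append((name, sidecar_path(name) in names))
    return findings

def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: harmless contents, placeholder metadata bytes.
SAMPLE = build_zip({
    "holiday.jpg": b"#!/bin/sh\necho constructed sample\n",
    "__MACOSX/._holiday.jpg": b"constructed placeholder, not real AppleDouble data",
    "docs/notes.txt": b"plain text\n",
    "__MACOSX/docs/._notes.txt": b"constructed placeholder",
})

print(disguised_scripts(SAMPLE))
```

A `__MACOSX` entry on its own is normal for any archive created on a Mac, so only the combination with script content under a safe-looking name is reported.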