Vulnerability Strikes OS X 10.4.5

By Sean Michael Kerner
Posted Feb 23, 2006


Apple Mac OS X users may be at risk from an "extremely critical" vulnerability that remains unpatched. The exploit comes on the heels of the release of OS X 10.4.5 and recent reports that worm writers are targeting Mac users. No patch has yet been released for a highly critical flaw in the latest version of OS X.

Danish security firm Secunia has rated the new flaw "extremely critical."

The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles file association metadata found in ZIP archives. Arbitrary commands could potentially be executed automatically via Apple's Safari web browser when a user visits a malicious site.

As of press time, Apple had not issued a patch or an advisory for the issue on its security update site. Just last week, Apple updated OS X to version 10.4.5.

Though there isn't a formal patch, there is a simple way to avoid infection. Secunia advises that Mac users disable the "Open safe files after downloading" option in Safari.

Secunia has also posted a link for users to test to see if they are at risk from the vulnerability.

The new security vulnerability comes as OS X is facing its first worms. CME-4, also known as Leap.A, appeared last week, spreading over Apple's iChat instant messaging system.

Security vendors, including Symantec and Sophos, reported this past weekend the discovery of OSX.Inqtana.A worm, which takes advantage of vulnerabilities in Apple's Bluetooth implementation.

"Viruses emerging for the Mac OS X platform is headline news for Apple fans, but they are currently posing far from the level of threat that Windows users face every day," said Graham Cluley, senior technology consultant for Sophos, in a statement.

"No one should panic, but this is an indication that hackers are showing an increased interest in targeting the platform."

This article was originally published on internetnews.com.
