Mac quarantine bug returns in Leopard
by Stephen Withers   
Thursday, 22 November 2007
Mac OS X includes a mechanism that's supposed to warn users before they execute files downloaded from the Internet, but the reappearance of a bug in Mac OS X 10.5 Leopard leaves systems vulnerable to Trojan attachments received in Mail.

The issue was fixed by Security Update 2006-001 for Mac OS X 10.4 ("Download Validation fails to warn about unsafe file types"), but somehow made its way back into the latest version of Apple's operating system.

The problem was identified by Heise Security, which explains how a supposedly safe filetype such as a JPEG image can be doctored to contain a shell script or other executable plus a resource fork that tells the Mac which application should be used to open it.

Heise has prepared a proof of concept for the vulnerability. The attachment appears to be a JPEG file, but attempting to open it launches the Terminal utility instead of displaying an image in Preview or whichever application the user has designated for JPEGs. While Heise's example purports to be harmless, it would be a simple matter to deliver a shell script that deletes all of the files in the recipient's home folder. The ability to deliver and run an executable file in this manner represents a real threat to the unwary.

According to security vendor Intego, clicking an attachment in Mail for the first time bypasses the quarantine alert, but a subsequent attempt triggers the warning. More worryingly, if the same attachment arrives in later emails, it will be opened without warning.

Until Apple releases a patch, users should be especially careful about opening attachments, or use an anti-virus program capable of detecting such exploits.
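
The mismatch described above, an attachment named as a JPEG whose content is really a shell script or other executable, is something a mail gateway or scanning script can test for directly. The following is an added example, not code from Heise, Intego or Apple; the function name `classify_attachment` and the sample attachments are constructed for illustration, and it inspects only the leading bytes of the file's data, not the resource fork.

```python
import os

# Leading bytes that identify content the operating system can execute.
EXECUTABLE_MAGIC = {
    b"#!": "script with interpreter line",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}
# Leading bytes expected for extensions users treat as safe images.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}

def classify_attachment(filename, data):
    """Return (verdict, reason) for one attachment's name and raw bytes."""
    ext = os.path.splitext(filename)[1].lower()
    head = data[:8]
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            if ext in IMAGE_MAGIC:
                # The case from the article: image name, executable content.
                return "block", f"{ext} name but content is {kind}"
            return "warn", f"executable content: {kind}"
    expected = IMAGE_MAGIC.get(ext)
    if expected is not None and not head.startswith(expected):
        return "warn", f"{ext} name but content is not a valid image"
    return "allow", "content matches extension"

if __name__ == "__main__":
    # Constructed sample attachments (not taken from the Heise proof of concept).
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "invoice.jpg": b"#!/bin/sh\necho constructed sample\n",
        "photo.jpeg": b"plain text pretending to be an image",
        "notes.txt": b"meeting at ten\n",
    }
    for name, blob in samples.items():
        print(name, classify_attachment(name, blob))
```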
