
Vulnerability Strikes OS X 10.4.5

Thursday Feb 23rd 2006 by Sean Michael Kerner

No patch as yet released for a highly critical flaw in the latest version of OS X.

Apple Mac OS X users may be at risk from an "extremely critical" vulnerability that remains unpatched. The exploit comes on the heels of the release of OS X 10.4.5 and recent reports that worm writers are targeting Mac users.

Danish security firm Secunia has rated the new flaw "extremely critical."

The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles file association metadata found in ZIP archives. Arbitrary commands could potentially be executed automatically via Apple's Safari web browser from a malicious site.

As of press time, Apple had not issued a patch or an advisory for the issue on its security update site. Just last week, Apple updated OS X to version 10.4.5.

Though there isn't a formal patch, there is a simple way to avoid infection. Secunia advises that Mac users disable the "Open safe files after downloading" option in Safari.

Secunia has also posted a link that users can use to test whether they are at risk from the vulnerability.

The new security vulnerability comes as OS X is facing its first worms. CME-4, also known as Leap.A, appeared last week, spreading over Apple's iChat instant messaging system.

Security vendors, including Symantec and Sophos, reported this past weekend the discovery of the OSX.Inqtana.A worm, which takes advantage of vulnerabilities in Apple's Bluetooth implementation.

"Viruses emerging for the Mac OS X platform is headline news for Apple fans, but they are currently posing far from the level of threat that Windows users face every day," said Graham Cluley, senior technology consultant for Sophos, in a statement.

"No one should panic, but this is an indication that hackers are showing an increased interest in targeting the platform."

This article was originally published on internetnews.com.
