
OS X flaw exposes Macs

This topic is archived.
 
IDemo Donating Member (1000+ posts) Tue Feb-21-06 08:10 PM
Original message
OS X flaw exposes Macs
A serious flaw in Mac OS X could be a conduit for attackers to install malicious code on computers running the Apple Computer software, experts warned Tuesday.

The security problem is the third to surface for the operating system in the past week. It exposes Mac users to risks that are more familiar to Windows users: Visiting a malicious Web site using Apple's Safari Web browser could result in a rootkit, a backdoor or other malicious software being installed on the computer without the user noticing anything, experts said.

"This could be really bad," the SANS Internet Storm Center, which tracks network threats, said Tuesday. "Attackers can run shell scripts on your computer remotely just by visiting a malicious Web site."

Apple is developing a patch for the flaw, a company representative told CNET News.com. "We're working on a fix so that this doesn't become something that could affect customers," the representative said, but could not give a delivery date for the update.

Word of the new vulnerability comes after the recent discovery of a Trojan horse and a worm that target Mac users. The operating system had not been in the security crosshairs previously.

http://news.zdnet.com/2100-1009_22-6041685.html

benburch Donating Member (1000+ posts) Tue Feb-21-06 08:19 PM
Response to Original message
1. Well, the first two "vulnerabilities" were nothing of the sort.
For them to work, you had to answer "yes" to a warning from the OS which asked for your root password. A volunteer virus is like the joke "Honor System Linux Worm" released a couple of years ago.

I'll investigate this one, but the antivirus companies are DESPERATE for a Mac Market Share. Right now there is a nearly ZERO Market Share because there have been ZERO things for Mac OSX users to worry about.

Oh yes, any script run this way would not have root privileges. You would need to find and exploit a second bug to gain root priority escalation. Not likely.

Still it could mess with that user's files, and will be closed very soon by Apple. I give it less than a week!
 
onehandle Donating Member (1000+ posts) Tue Feb-21-06 08:27 PM
Response to Reply #1
3. Just make sure "open safe files after downloading" is unchecked.
Edited on Tue Feb-21-06 08:32 PM by onehandle
 
benburch Donating Member (1000+ posts) Tue Feb-21-06 08:37 PM
Response to Reply #3
4. LOL
Edited on Tue Feb-21-06 08:42 PM by benburch
Doesn't that come unchecked out of the box?
 
SkipNewarkDE Donating Member (762 posts) Tue Feb-21-06 09:22 PM
Response to Reply #4
10. Yeah, it does
This is so silly. I have yet to see something really godawful hit my Macs exploit-wise. These "potential" exploits simply are pitiful and pale in comparison to the real scary damage that has visited my XP boxes the past two years.
 
benburch Donating Member (1000+ posts) Tue Feb-21-06 10:29 PM
Response to Reply #10
15. You have to volunteer for them...
Sort of like writing "fuck my ass" on your cheeks, and then bending over in the prison shower.
 
IDemo Donating Member (1000+ posts) Tue Feb-21-06 08:38 PM
Response to Reply #1
5. This one sounds stealthier than the first two
"Visiting a malicious Web site using Apple's Safari Web browser could result in a rootkit*, a backdoor or other malicious software being installed on the computer without the user noticing anything, experts said."

It does sound as if the vulnerability lies within the Mac Safari browser: "Mac OS X users can protect themselves by disabling the 'Open safe files after downloading' option in Safari. In addition, users should be cautious when surfing the Web, the Apple representative said. 'Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust.'" But that goes without saying, regardless of your OS, right?

* - What is a 'rootkit'? Does it somehow supply Root privileges without the knowledge of the user?
 
benburch Donating Member (1000+ posts) Tue Feb-21-06 08:41 PM
Response to Reply #5
6. A rootkit is that second bug exploit I referred to.
Edited on Tue Feb-21-06 08:41 PM by benburch
You'd need to have a rootable bug your script could exploit. I know of none.
 
onehandle Donating Member (1000+ posts) Tue Feb-21-06 08:24 PM
Response to Original message
2. The sky is falling.
Still no viruses or spyware.

I keep that option in my preferences unchecked.

One "problem" vs. Thousands elsewhere.

yawn.

 
NYC Liberal Donating Member (1000+ posts) Tue Feb-21-06 08:44 PM
Response to Original message
7. If you do a Get Info on the file, it SAYS that it is a shell script
and that it opens in Terminal. It's just that Safari apparently just checks the extension to see if it is a "safe" file.

All the update will do is change this. This is not a big deal, at all.
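The point in reply #7, that a file judged "safe" by its extension can still be a shell script, can be checked from the defender's side by comparing each file's extension with its leading bytes. This is an added example, not part of the original thread; the extension table and the sample files are constructed for illustration and are not Safari's actual safe-file list.

```python
import os
import tempfile

# Leading bytes expected for a few extensions a browser might treat as "safe".
# Assumption for this example only; this is not Safari's real list.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def classify(path):
    """Return 'ok', 'script', 'mismatch' or 'unchecked' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "unchecked"
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(b"#!"):
        return "script"      # interpreter line behind a media extension
    if any(head.startswith(m) for m in MAGIC[ext]):
        return "ok"
    return "mismatch"        # e.g. a script with no '#!' line at all

def audit(directory):
    """Map file name -> verdict for every suspicious file in directory."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and classify(path) in ("script", "mismatch"):
            findings[name] = classify(path)
    return findings

def demo():
    """Write constructed sample files to a temp dir and audit them."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",   # genuine JPEG header
        "photo.jpg": b"#!/bin/sh\necho constructed sample\n",  # script named .jpg
        "clip.gif": b"echo constructed sample\n",              # script, no '#!'
        "notes.txt": b"#!/bin/sh\n",                           # extension not audited
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit(d)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at a downloads folder lists every file whose content does not match what its extension claims.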
 
SkipNewarkDE Donating Member (762 posts) Tue Feb-21-06 08:45 PM
Response to Original message
8. This is wrong.
This cannot result in a backdoor or a rootkit being installed. Period.

This particular exploit has been around for a while, and is nothing new. Or rather, a variant of this was around before and quickly patched. This allows a typing mechanism in a downloaded file to LOOK like a jpg file and fool Safari into thinking it is a trusted file. You can then execute code by opening a terminal and doing something. You could have your files in your home directory deleted, but really little else super damaging beyond that one execution.

The key is that Macintosh OS X does NOT permit anything seriously scary from being done without the user providing an administrator name and password. Should someone try to insert some scripting code that does something like this that can seriously compromise the system or install some backdoor or rootkit, the user will immediately be notified of something amiss by this password request being presented. A user would immediately know something was up when the terminal window suddenly popped up.

This is basically a lab experiment of a potential exploit with no implementation running around in the wild.

Much like the vulnerability described a few days ago, this is a big yawner. The fact of the matter that OS X is very adamant about preventing any kind of meddling with the system unless the user is asked for administrator access makes this thing far more secure than its Windows counterpart.
 
benburch Donating Member (1000+ posts) Tue Feb-21-06 08:50 PM
Response to Reply #8
9. In other words...
created to cause fear, uncertainty and doubt so as to boost the sales of a really incompetent (Symantec) Anti-Virus tool.

A shame Apple can't find a reason to sue them for this.
 
burrowowl Donating Member (1000+ posts) Wed Feb-22-06 02:15 AM
Response to Reply #8
17. Hi!
Good to have your feedback!
In other words, you have to work hard to infect your Mac with whatever.
 
stepnw1f Donating Member (1000+ posts) Tue Feb-21-06 09:41 PM
Response to Original message
11. lol... lots of OSX Security Flaw Posts Lately (nt)
 
benburch Donating Member (1000+ posts) Tue Feb-21-06 09:44 PM
Response to Reply #11
12. And none of them amount to ANYTHING.
Edited on Tue Feb-21-06 09:44 PM by benburch
Where there is smoke and no fire, you have to wonder whose smokescreen it is.
 
stepnw1f Donating Member (1000+ posts) Tue Feb-21-06 09:54 PM
Response to Reply #12
13. Well... Apple Does Donate to the Democratic Party Almost Exclusively
Edited on Tue Feb-21-06 09:57 PM by stepnw1f
Actually I believe OSX is gaining ground of late, because of its UNIX core, its superior security and great hardware to boot. Apple now provides Intel-based Macs, so they are essentially reinventing the market. Windoze has a lot to worry about, especially because their system software is so flawed and closed software code. They have monopolized themselves into a corner. It's either Linux or Unix....

Who knows these things anyway? Anything is possible.
 
onehandle Donating Member (1000+ posts) Tue Feb-21-06 10:14 PM
Response to Reply #13
14. Apple 99%. Dell 12%
Bill Clinton has slept in Steve Jobs's House.

Michael Dell has fellated George W. Bush.
 
politicat Donating Member (1000+ posts) Tue Feb-21-06 11:20 PM
Original message
This? AGAIN? Give it a rest....
This isn't a NEW vulnerability; it's an old one that's been known for at least two years. But every time people jump on the "Mac is dead" bandwagon....

I love that the security companies are always trying to drum up Mac business by exaggerating the threats.

There's a simple fix: Don't auto-open anything. Duh.
 
politicat Donating Member (1000+ posts) Tue Feb-21-06 11:20 PM
Response to Original message
16. Bloody double posting bug...
Edited on Tue Feb-21-06 11:22 PM by politicat
At least that's not Mac centric....
 
LittleClarkie Donating Member (1000+ posts) Wed Feb-22-06 02:23 AM
Response to Original message
18. Is this because of the new Pentium chip in Macs?
I kinda thought that was an unholy alliance.
 
0rganism Donating Member (1000+ posts) Wed Feb-22-06 02:32 AM
Response to Reply #18
19. Nope
Edited on Wed Feb-22-06 02:36 AM by 0rganism
By the way, the core of the Mac OS has been available for X86 systems for some time. There's nothing particularly holy about Motorola or its CPUs.

http://www.opendarwin.org/

I was running a DarwinX86 machine at work for a while, to do preliminary software ports. A bit finicky about the hardware detection, but otherwise a stable OS.
 
benburch Donating Member (1000+ posts) Wed Feb-22-06 03:26 AM
Response to Reply #18
20. Nope. It's because the Anti-Virus Industry is hurting.
They keep inventing non-problems and calling them "Horrible Serious Bugs".