Tuesday, February 21, 2006

Critical Vulnerability: Mac OS X '__MACOSX' ZIP Archive Shell Script Execution

Via Secunia.

Description:
Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive.

This can also be exploited automatically via the Safari browser when visiting a malicious web site.

Secunia has constructed a test, which can be used to check if your system is affected by this issue:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/

The vulnerability has been confirmed on a fully patched system with Safari 2.0.3 (417.8) and Mac OS X 10.4.5.

Solution:
The vulnerability can be mitigated by disabling the "Open safe files after downloading" option in Safari.

Do not open files in ZIP archives originating from untrusted sources.

0 Comments:

Post a Comment

<< Home