Published: 2006-02-21, Last Updated: 2006-02-21 22:15:27 UTC - by Kyle Haugsness (Version: 3)

… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip file is considered safe and so they will be opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!

[[T_F]]Digital Content Theft Prevention and Tracing, Downloads and Online Property Protectiontracefusion_signature=d41e044552eb97617265603499d60e07fbe9937f2c69f47a48363e83a2a57292a2efc077c7666ad2ce23a86fea8c934f9fef856c68606f51fa66ca64d7cc694c063510af12be9fefe9994075cc7219cb06a84241bcc2b9706e49c4f7f527d868cb81092f3cf2162a1f5d2aea7921091c125fc8aaaa3676d2a40e0a5cbd2b0e1cbba43878c24eaa6c03615d4cb0ebbbe5ed3257f457690e9cd73e8f6059ed4183714b15d4c60308b723ede679e2570ab495b40b030f7d81e8583780895c5898d1ff3608f638b84cac5234fc9e0512ee0d484cdfde97ec5a394c26b0d4135888181307e3abfad9009f696974b64acc41d9e74a8e6ee491eb797ad22a1874ecd7a4d7829a2fa91d21c1df7f0286051f04d065a90e21392c0137cfcb14754b76c258044783ba5e2d9b5b69b5e77ccaa336e3da2ddaeafb301e69061f07417b3641d373d7dc21db09dbedfd717e04e20479910acb085e89c4b02958d01d275527b944f719e314eb095d3ebcb15de9b753da287c0b24531f17f17f264752395749efdf48d2a8cde068d864cc3980fb5acee941533b59258070235687925a310467baaa045c26b349b4055b5c798820e2623e8b1a198b312ed579c1d03196d6dcca7fed1aca7fecdb[[T_F]]

0 :Default Configuration, Discoverer, Os X, Shell Commands, Shell Script, Shell Scripts, Vulnerability more...

This entry is part 1 of 1 in the series Cash Flow

Recommended:

Money savings expert

[[T_F]]Digital Content Theft Prevention and Tracing, Downloads and Online Property Protectiontracefusion_signature=d41e044552eb97617265603499d60e07fbe9937f2c69f47a48363e83a2a57292a2efc077c7666ad2ce23a86fea8c934f9fef856c68606f51fa66ca64d7cc694c063510af12be9fefe9994075cc7219cb06a84241bcc2b9706e49c4f7f527d868cb81092f3cf2162a1f5d2aea7921091c125fc8aaaa3676d2a40e0a5cbd2b0e1cbba43878c24eaa6c03615d4cb0ebbbe5ed3257f457690e9cd73e8f6059ed4183714b15d4c60308b723ede679e2570ab495b40b030f7d81e8583780895c5898d1ff3608f638b84cac5234fc9e0512ee0d484cdfde97ec5a394c26b0d4135888181307e3abfad9009f696974b64acc41d9e74a8e6ee491eb797ad22a1874ecd7a4d7829a2fa91d21c1df7f0286051f04d065a90e21392c0137cfcb14754b76c258044783ba5e2d9b5b69b5e77ccaa336e3da2ddaeafb301e69061f07417b3641d373d7dc21db09dbedfd717e04e20479910acb085e89c4b02958d01d275527b944f719e314eb095d3ebcb15de9b753da287c0b24531f17f17f264752395749efdf48d2a8cde068d864cc3980fb5acee941533b59258070235687925a310467baaa045c26b349b4055b5c798820e2623e8b1a198b312ed579c1d03196d6dcca7fed1aca7fecdb[[T_F]]

0 :Expert, Manage Money, Money Savings more...

This entry is part 2 of 2 in the series Computer Assets

[[T_F]]Digital Content Theft Prevention and Tracing, Downloads and Online Property Protectiontracefusion_signature=d5f904fb9b2d78e18e06574eca0e91943dc5e114cc6ae1dac6a25e4f357f78b71757edb2ddb2fee797ae7562ed1f2b16ad0ded38eae2f4ec91c6ffa6fb9faae0aa3e58136c174f0dede100b2d9aad601a43f62b6b14bb740d2eea1bbddd87d82e3a530246c4bd61e660c885bcdb0d070241d2b764f665e3f97792e268b48642e0b457a42c3b6aae86a34f088ab4de545f9e8569dda9ce02f0b9c4f2cf296e1525991780306cc587688fbe3edb27e9ca75b195a24362ec921e2825d33208a830391ccde23de4342ab6a965bcb0e3817ee28a1ab8c4f1dea8640aa7f739a14832202143df365c780330ce0e0db5ea7aab196c97e6defc613f9b1bf1cfc35c7e70ac70ade32eaf020d35329a85e4c40284715c2f2ee70406a305faba41ad8a4dfb6823abd35468e690484e1580ecfaf745ff5866987e7c4520ee0bf0c3cb0c45eb194d59d8a71842185e9c8d0af05e3057890082a095f88c5b12849d11ca65426b85df614e219ea085c3f8db058e8b652db28fd0a25529e16f07e27465338564b6ede49d3a9cce169d965cd38c1fa5bcfe84052ba58248171225786935b300576bbab055d27b24b35045a5c7c0921e3633f8a1b188a302fd478c0d0eecdd6fc58f2c73c58f2c6fe[[T_F]]

0 :Applications more...

« PREVIOUS ENTRIES

Links

Categories
Addresses Antivirus Protection Attacker Business Plan Checkout Corporate Branding Cybercrime Report Denial Of Service Dissertation Dissertation Advisor Domain Hosting Domain Name Ecommerce Email Email Addresses Email Spam Expert User Free Domain Garlik Hacking Hosting Plans Mail Client Online Poll Online Shopping Organization Outlook Outlook Express Personal Branding Private Addresses Private Email Register Domain Report Author Report Pdf Security Web Sensitive Personal Data Single Source Social Engineering Spam Spam Email Target User Ulmer Unauthorized Access Unsolicited Email Url Https Web Developer Business (7)
Checklist (7)
Computers (2)
Dissertation (3)
Employment (1)
Hosting (3)
Law Enforcement (3)
Online (1)
Online Crimes (6)
Online Shop (1)
Public User (4)
Research Papers (1)
Security (5)
Security Professionals (4)
Stakeholders (5)
Technical Support (1)
Techniques (3)
Training (10)
UoL (8)
Website (6)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Online Shop
Consultancy [1]
Remote Assistance
E-books [5]
Software [4]
Auction
Email Automation
Web Design
Templates [1]
Training [1]
Web Services [3]
Website Adverts
Web Hosting
Web Design