Critical Mac OS X zero-day exploit

ZDNet's George Ou has posted some details about a scary new Mac OS X exploit that takes advantage of Safari. Unlike the relatively benign OSX.Leap.A worm, which emerged last week, this exploit is a major security hole because it requires no user interaction.

Heise online is reporting that a new critical vulnerability in Mac OS X has been discovered, and it appears to have ramifications beyond the Safari browser. The problem is severe because a user simply needs to visit a malicious website and shell scripts will launch with zero user interaction!

Here is an excerpt from Heise online:
You can determine whether your system is vulnerable by using this online demonstration provided by Heise Security. The demo attempts to open a Terminal window to display the contents of a folder. If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user. At this point, no web pages are known to misuse this vulnerability. However, this could change quickly.

Click through to George Ou's blog posting today for a temporary workaround to protect yourself if you use Safari on Mac OS X.


About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....
