Home / News & Blogs

Mac OS X vulnerable to one-two combo attack

Robert Lemos | May 19, 2004 12:43 AM PDT

Summary

Two flaws, when used together, could let attackers who concoct a special Web site place a file on a Mac and then run the file through a simple browser command.

Topics

Robert Lemos
Apple Computer got hit by a double whammy this week when a security researcher publicized a pair of flaws in Mac OS X that when used together could let attackers place a malicious program on a Mac and then run the file.

The flaws could be used to create a virus that spreads through a Web link sent via e-mail messages. An attacker would have to also create a Web site with special programming.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The discoverer, who uses the name "lixlpixel," claims to have notified Apple in late February and said the company never responded. News of the vulnerabilities had started appearing on security mailing lists, prompting the flaw finder to post details of the weakness to the Web.

"Since these 'exploits' are on the rise and it's so easy to protect yourself--here you go," lixlpixel's posting said.

Apple refused to comment on the vulnerability, except to publish a release saying that such reports are taken "very seriously at Apple and we are actively investigating this potential security issue."

Apple has twice been criticized for its downplaying of security issues and itslack of response to the concerns of the security industry.

Security information service Secunia rated the issue "extremelycritical," on Tuesday, because online discussions have pointed out many different ways to exploit the flaws. Secunia recommended that Mac users avoid visiting untrusted Web sites and said Mac administrators and others avoid surfing the Internet while signed on to their networks as privileged users.

Secunia verified the flaws in Apple's operating system by viewing malicious code using Internet Explorer for the Mac and Safari.

More about this issue can be found in the advisories section of Secunia's Website.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity