Site icon Liquidmatrix Security Digest

Serious flaw on OS X

Juergen Schmidt over at Heise.de has found a rather significant vulnerability in the Safari browser on Mac OS X.

“In its default configuration shell commands are execute[d] simply by visting a web site – no user interaction required.”

A hacker could compromise your spankin new Mac simply by surfing to a website.

When this script was stored in a ZIP archive, Mac OS X will add a binary metadata to the archive. This file determines what will be used to open the main file in the archive, regardless of the extension or symbol displayed in the Finder.

Apparently, the Mail application is also vulnerable.

For more information on this emerging story check the following:

CNET Article
SANS Link
Heise.de Article

Exit mobile version