Security issue in OS X, Safari, Mail, ...

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
25 Feb, 2006 11:47 pm Security issue in OS X, Safari, Mail, ... [sdp=70893]  

This thread is to provide some organised information regarding security holes, viruses, worms etc. that target Mac OS X and Safari, Mail.app.

This thread will be updated from time to time. To discuss each individual case, please follow each thread.

OSX/Leap-A: thread
cause: A proof-of-concept piece of malware, the worm attempts to spread via iChat instant messaging. The worm sends itself to available contacts on the infected user's buddy list in a file called "latestpics.tgz". This worm requires users to enter an administrator password.

official words: "Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file."

solution: (obvious,) don't launch untrusted applications.
update solution: install Security Update 2006-001

Safari (launches unsafe file) thread
cause: (by default) Safari launches downloaded ZIP archives by itself, no user interaction.

solution: Go to Safari's preferences, and in General preferences un-tick “Open "safe" files after downloading”. (see this screenshot)
update solution: install Security Update 2006-001

Mail (launches unsafe file) discussion thread (also this one)
cause: (similar to the Safari case above) an error in file association metadata in ZIP archives and mail messages may be used to trick the user into executing malicious shell scripts.

solution: Do not click any attachments in Mail.app. If you want to see the attached file, save it to your hard disk first. Otherwise, do not open files in archives or mail attachments originating from untrusted sources.
update solution: install Security Update 2006-001

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8
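A defensive check for the ZIP cases described in the post above, as an added example that is not part of the original thread: it flags archive members whose name looks like a safe file type while their content or metadata says otherwise. The extension list, the reason labels and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumption: extensions a user (or an "open safe files" feature) treats as harmless.
SAFE_LOOKING_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}
SIDECAR_DIR = "__MACOSX/"  # where macOS archivers store AppleDouble "._name" files


def audit_zip(data):
    """Return (member, reason) findings for a ZIP archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or name.startswith(SIDECAR_DIR):
                continue
            if posixpath.splitext(name)[1].lower() not in SAFE_LOOKING_EXTS:
                continue
            # 1. Content is a script even though the name suggests media or text.
            with zf.open(info) as fh:
                if fh.read(2) == b"#!":
                    findings.append((name, "shebang"))
            # 2. Unix mode stored in the archive marks the file executable.
            if (info.external_attr >> 16) & 0o111:
                findings.append((name, "exec-bit"))
            # 3. An AppleDouble sidecar supplies extra Finder metadata for the file.
            head, base = posixpath.split(name)
            if posixpath.join(SIDECAR_DIR, head, "._" + base) in names:
                findings.append((name, "appledouble-sidecar"))
    return findings


def build_sample():
    """Constructed sample: one honest text file, one script named like a picture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "holiday notes\n")
        disguised = zipfile.ZipInfo("pics/latest.jpg")
        disguised.external_attr = 0o100755 << 16  # regular file, rwxr-xr-x
        zf.writestr(disguised, "#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/pics/._latest.jpg", b"\x00\x05\x16\x07")  # magic only
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_zip(build_sample()):
        print(f"{member}: {reason}")
```
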

Antony
11 May, 2006 10:19 pm [sdp=73402]  

Security Update 2006-003 is now available for Mac OS X 10.4.6 and 10.3.9 users.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2

Antony
28 Nov, 2006 9:57 pm [sdp=79851]  

installer issue ("iAdware") was addressed in Security 2006-007

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3

Antony
14 Mar, 2007 11:26 am [sdp=83363]  

According to Cnet News.com, Apple fixed 45 security holes in the Mac OS X 10.4.9 update and Security Update 2007-003 for Panther.

Quote:
It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns.

(...)

Tuesday's update deals with nine vulnerabilities released as part of the Month of Apple Bugs in January and seven bugs disclosed in the Month of Kernel Bugs in November. In earlier fix releases, Apple fixed several flaws identified during the projects.


For more detail, please read Apple megapatch plugs 45 security holes (Cnet news.com)

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
