Mac Forum / General / Networking / February 2006

Apple Safari Browser Automatically Executes Shell Scripts

MacSecurityNews - 21 Feb 2006 04:34 GMT
A new Safari-specific vulnerability (which appears to affect Mail.app
as well) has been documented by the German site 'heise.de':

   "Shortly after reports of the first virus for Mac OS X, a new
security flaw has surfaced. The culprit is the option "Open 'safe'
files after downloading" in Apple's Safari web browser. This feature is
activated by default. Its function is to automatically display images
and movies after they are transmitted to the user's computer, using the
application assigned to that particular document format. Safari will
also unpack ZIP archives and display the documents within if they are
considered "safe". If active content such as an application or shell
script is found within the archive, a prompt requests user
confirmation. So far, so good.

   Problems ensue if a shell script is stored into a ZIP archive
without the so-called shebang line. If this line is omitted, Safari no
longer recognizes the content as potentially dangerous and executes
shell commands without a confirmation prompt. This behavior has been
discovered by Michael Lehn, who has documented it on a web site."

The full article is available at
http://www.heise.de/english/newsticker/news/69862 . Those of you that
are concerned are advised to use an alternate browser, such as Camino
or Firefox.

Additional details:  http://www.macsecuritynews.com
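The quoted article says Safari decided whether an archive member was "active content" by looking for the shebang line, so a script with that line removed was opened without a prompt. The scanner below is an added illustration of a defender-side check, not code from the original post or from heise: it inspects each ZIP member for executable mode bits, a shebang, and plain text that reads like shell commands even when no shebang is present. The archive it scans is constructed inline for the example.

```python
import io
import re
import zipfile

# Heuristic for "this text is a shell script even without #!": a line that
# begins with a common command or builtin. Adjust the list for your environment.
SHELL_LINE = re.compile(
    r"^\s*(rm|mv|cp|curl|wget|sh|bash|osascript|open|chmod|eval|export|echo)\b"
)


def inspect_member(info: zipfile.ZipInfo, data: bytes) -> list[str]:
    """Return the reasons this member should not be auto-opened (empty if none)."""
    reasons = []
    mode = info.external_attr >> 16          # Unix st_mode recorded by the zipper
    if mode & 0o111:
        reasons.append("executable mode bits set")
    if data.startswith(b"#!"):
        reasons.append("shebang line present")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return reasons                       # binary member: no text heuristic
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    hits = sum(1 for ln in lines if SHELL_LINE.match(ln))
    if lines and hits >= max(1, len(lines) // 2):
        reasons.append(f"{hits}/{len(lines)} lines look like shell commands")
    return reasons


def scan_zip(blob: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = inspect_member(info, zf.read(info))
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test archive: a harmless note plus a shebang-less script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "Holiday photos from February.\nEnjoy!\n")
        zi = zipfile.ZipInfo("photo")        # no extension, no shebang
        zi.external_attr = 0o100755 << 16    # -rwxr-xr-x
        zf.writestr(zi, 'echo "sample"\nexport SAMPLE=1\n')
    return buf.getvalue()
```

The preference the thread goes on to discuss can also be checked from a terminal with `defaults read com.apple.Safari AutoOpenSafeDownloads` (0 means auto-open is off).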
Tim McNamara - 21 Feb 2006 15:02 GMT
> A new Safari-specific vulnerability (which appears to affect
> Mail.app as well) has been documented by the German site 'heise.de':

<snip>

> The full article is available at
> http://www.heise.de/english/newsticker/news/69862 . Those of you
> that are concerned are advised to use an alternate browser, such as
> Camino or Firefox.

Or perhaps turning off the offending preference in Safari?
Stew - 21 Feb 2006 16:48 GMT
>> A new Safari-specific vulnerability (which appears to affect
>> Mail.app as well) has been documented by the German site 'heise.de':
[quoted text clipped - 7 lines]
>
>Or perhaps turning off the offending preference in Safari?

Before or after the script deletes all of your important files?
Tim McNamara - 21 Feb 2006 18:38 GMT
>>> A new Safari-specific vulnerability (which appears to affect
>>> Mail.app as well) has been documented by the German site
[quoted text clipped - 10 lines]
>
> Before or after the script deletes all of your important files?

Doesn't exactly require an answer, does it?  However, MacSecurityNews
forgot to mention that the Mozilla family of browsers also have
security problems.  Just switching a browser is no substitute for the
user being intelligent.
Paul Halliday - 21 Feb 2006 21:20 GMT
>>>> A new Safari-specific vulnerability (which appears to affect
>>>> Mail.app as well) has been documented by the German site
[quoted text clipped - 15 lines]
> security problems.  Just switching a browser is no substitute for the
> user being intelligent.

That's the crux of it! Unfortunately, this kind of thing is along the same
lines as confidence tricking. Intelligent people also have their limits.

In this circumstance, Apple have already posted their advice on the matter
when it was found that an executable could be put into a file purporting to
be an MP3. They recommended turning off the automatic opening of "safe"
downloads. That was a good couple of years ago, so this really should not be
anything new. Personally, I think there is no such thing as a safe download.
Any downloaded file should be looked at carefully.
J.J. O'Shea - 22 Feb 2006 03:17 GMT
>>>>> A new Safari-specific vulnerability (which appears to affect
>>>>> Mail.app as well) has been documented by the German site
[quoted text clipped - 25 lines]
> anything new. Personally, I think there is no such thing as a safe download.
> Any downloaded file should be looked at carefully.

Personally, I turned it off mostly because that was the fastest way to get
rid of the warning message that would pop up *each and every time* I
downloaded something which might auto-open. Opening the files myself was less
annoying than putting up with that message. More secure, too, but the
annoyance factor was definitely the major factor.

That was then, when there was no real malware on the loose for OS X. Now
that there actually is malware, even though they're _stupid_ malware which
are easily defanged, the security aspect is #1.

Meanwhile, over on my Windows box, I had to have multiple 'security' apps
running, which sucked down performance till my 2.83GHz Pentium 4 with 1.25GB
RAM was slower at many tasks than my 1.25GHz eMac with 1GB RAM. Just booting
the bloody thing up takes forever. (Well, okay, just over three minutes from
POST beep to no more hourglass; the same machine boots Linux to the desktop
in under 45 seconds, so it ain't the hardware...)


Daniel Cohen - 22 Feb 2006 10:30 GMT
> In this circumstance, Apple have already posted their advice on the matter
> when it was found that an executable could be put into a file purporting to
> be an MP3. They recommended turning off the automatically open "safe"
> downloads. That was a good couple of years ago, so this really should not be
> anything new. Personally, I think there is no such thing as a safe download.
> Any downloaded file should be looked at carefully.

As you say, the advice is not new.

But with the previous exploit, Apple soon provided a security update
that solved the problem even if "safe" downloads were opened
automatically, so many of us went back to this convenient choice. I
hope they will be able to do so this time.

Paul Halliday - 22 Feb 2006 20:07 GMT
>> In this circumstance, Apple have already posted their advice on the matter
>> when it was found that an executable could be put into a file purporting to
[quoted text clipped - 9 lines]
> automatically., so many of us went back to this convenient choice. I
> hope they will be able to do so this time.

Indeed! As a, well, not too recent switcher, I've always been very impressed
with the speed at which Apple have dealt with security issues. Timely and
well documented. I'm sure we'll see a Security Update in a short while.
Stan Horwitz - 26 Feb 2006 22:22 GMT
> >>> A new Safari-specific vulnerability (which appears to affect
> >>> Mail.app as well) has been documented by the German site
[quoted text clipped - 15 lines]
> security problems.  Just switching a browser is no substitute for the
> user being intelligent.

Nor is turning off a web browser preference if you manually download a
piece of malware and execute it. The best way to guard against being
harmed by malware is to think before you do things.
©2008 Advenet LLC   Privacy Policy - Terms of Use