More security problems bite Apple

Discussion in 'macOS' started by jacobj, Feb 22, 2006.

  1. jacobj macrumors 65816


    Apr 22, 2003
    The BBC has an article detailing a "serious" flaw in OSX that would allow hackers in


    Now I may not understand this fully, but as I read it this says that:

    A user can download a file that claims to be, let's say, a JPG, but it is actually an application and that OSX will treat it as an application.

    Now my understanding of OSX is that:

    1. Unless you have rights to do so you cannot install applications.
    2. Even if you are in the admin account it will ask you to confirm that you want to activate the application.

    So, if you were expecting a JPG and get an app then on your head be it if you activate it.

    How could Apple write an OS that can overcome this? The only other, more secure scenario I can imagine is that the OS checks the code and tells you that it is not particularly nice because of a list of reasons that it considers unwelcome. But that is asking TOO much in my opinion.
  2. liketom macrumors 601


    Apr 8, 2004
    I see that on there too,

    Apple are working on a fix - so no worries :)
  3. iMeowbot macrumors G3


    Aug 30, 2003
    That part really isn't true. You can download and run programs within your home directory at will. Privileges are only required to install software in shared directories, and to enable programs to run with elevated privileges (for example setuid root).
    That one's not really true either. If you double-click on a document and it would be opened with a new program, you will be asked the first time. You won't be asked if you launch the application itself.
  4. stuartmingay macrumors member

    Apr 10, 2002
    ... the problem's not just that you download a file and find out it's an application, it's that by visiting a website a file could be forced onto your machine and then run without your intervention. The example given is a script that could delete all the files in your home folder and below. Very worrying!

    Also, if you read the articles written by the guy who found this problem, if you download a file with a .jpg extension, it will always display a .jpg icon. However, because it's executable, double-clicking will start the terminal application and run whatever is in the file.
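
An added example, not part of any post in this thread: a defender-side check for the mismatch described above, where a file named like an image is really an executable script. It flags image-named files whose leading bytes are not the image type's magic number, that begin with a `#!` line (an assumption about how the script is written), or that have an executable bit set; the file names and contents are constructed samples.

```python
import os
import stat
import tempfile

# Leading magic bytes for the image extensions this check covers.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def inspect_file(path):
    """Return the reasons a file named like an image looks like a program."""
    magics = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return []  # the name does not claim to be an image
    with open(path, "rb") as fh:
        head = fh.read(16)
    reasons = []
    if not head.startswith(magics):
        reasons.append("content does not match extension")
    if head.startswith(b"#!"):  # assumption: the script carries a shebang
        reasons.append("starts with a script shebang")
    if os.stat(path).st_mode & EXEC_BITS:
        reasons.append("executable bit set")
    return reasons

def scan(directory):
    """Walk a download directory and map each flagged path to its reasons."""
    findings = {}
    for root, _dirs, names in os.walk(directory):
        for name in names:
            path = os.path.join(root, name)
            if os.path.isfile(path) and not os.path.islink(path):
                if reasons := inspect_file(path):
                    findings[path] = reasons
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"cat.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,  # constructed
                   "holiday.jpg": b"#!/bin/sh\necho constructed sample\n"}
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        os.chmod(os.path.join(tmp, "holiday.jpg"), 0o755)
        return {os.path.basename(p): r for p, r in scan(tmp).items()}
```

Calling `scan()` on a downloads folder returns only the files whose name and content disagree; `demo()` runs it over the two constructed samples.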

  5. MisterMe macrumors G4


    Jul 17, 2002
    Malware masquerading as a .jpg will still be flagged as executable. It is up to the user to ignore the warning, complete the download, and launch the malware. If the user has never launched the Terminal before, one can expect a warning that it is being launched for the first time. In the worst-case scenario, there may be reason for serious concern. However, these types of exploits require the cooperation of a sufficiently dense user.
  6. DeathChill macrumors 68000

    Jul 15, 2005
    This is where much of the Windows malware and viruses come from, but no Mac user ever seems to point that out. Windows just happens to have such a large install base that there are so many more dense users. ;)
  7. iMeowbot macrumors G3


    Aug 30, 2003
    Not with the "safe files" vulnerability. Safari is currently willing to believe that the script is not an application.
    Unfortunately that isn't happening. I just tested on both a fresh account, and an existing account on which I reset all the first-run warnings via lsregister. There was no prompt.
    In this case, it only requires sufficiently dense bundled software.
  8. YS2003 macrumors 68020


    Dec 24, 2004
    Finally I have arrived.....
    Because of this type of virus tickling on the Mac platform, I set up a new Admin account while demoting my original Admin to Standard user. Even though the Mac asks me to enter a password before installing any program, I feel this extra hurdle (i.e. typing in the Admin name and its password) gives me extra security against potential malware in the future.
  9. stoid macrumors 601


    Feb 17, 2002
    So long, and thanks for all the fish!
    However, I don't think that this is a virus either, maybe a worm in the best case scenario, but a worm that still requires user intervention to run it on each machine. This exploit is in an unexpected function of Mac OS X. Many Windows exploits are far more dangerous. The latest one they had with jpgs was that an ACTUAL jpg could contain and execute code. This Mac trojan only references jpgs, because a person is most likely to open a jpg. There is no image information at all in the file.
  10. novicew macrumors member


    Jan 4, 2006
  11. pseudobrit macrumors 68040


    Jul 23, 2002
    Jobs' Spare Liver Jar
    This is not an application. This is a .term script that exploits the fact that most of us log into OSX with an admin account. Then it uses the Terminal. You can watch all of this happening to your Mac if you were to launch the "virus". Everything still must be done above the table and that is thanks to the virtues of UNIX.

    It's easy to beat the possibility of this happening:
  12. wasimyaqoob macrumors 6502a

    Dec 23, 2005
    London, England.
    I'm sure the guys at Apple are working to resolve the problem.
  13. MrSmith macrumors 68040


    Nov 27, 2003
    The article says:

    "The operating system can also be made secure against the loophole by changing some preferences."

    What preferences would these be?
  14. pseudobrit macrumors 68040


    Jul 23, 2002
    Jobs' Spare Liver Jar
