New Mac OS X exploit disclosed

Discussion in ' News Discussion' started by MacBytes, Jan 15, 2007.

  1. MacBytes macrumors bot

    Jul 5, 2003
  2. xUKHCx Administrator emeritus


    Jan 15, 2006
    The Kop
    Yet another reason to turn this preference off if you haven't already.
  3. Passante macrumors 6502a


    Apr 16, 2004
    on the sofa
  4. bryanc macrumors 6502

    Feb 12, 2003
    Fredericton, NB Canada
    Safari clearly needs to change the definition of 'safe' files. Anything that can contain executable code is not safe. Disk images are obviously not 'safe'.

    The only things I'd like to see Safari automatically opening after downloading are PDFs and image files. And it might be a good idea to open these in a sandbox with very restricted permissions.

    The 'open safe files after downloading' preference is a recipe for disaster the way it is currently implemented. Nevertheless, it's not really a bug, it's functioning as intended.

  5. benthewraith macrumors 68040


    May 27, 2006
    Miami, FL
    Ah, Secunia, the company that insists on broadcasting vulnerabilities out on the net that wouldn't be known otherwise.
  6. eluk macrumors 6502a


    Dec 14, 2006
    East London, UK
    The ostrich is very vulnerable.
  7. spice weasel macrumors 65816

    Jul 25, 2003
    How is this a new bug? We've had knowledge of this potential exploit for a good while now. I have no doubt that there are bugs in OS X, but come on people, let's not rehash the same old ones, especially when they are easily preventable.
  8. whooleytoo macrumors 603


    Aug 2, 2002
    Cork, Ireland.
    Quite possibly it would make little difference. If this option is turned off, many people will just open the file manually via the Downloads window, which is likely to have the same security vulnerability.
  9. montex macrumors regular


    Jan 17, 2002
    Seattle, WA
    I'm calling shenanigans on this one. The article very clearly states that an exploit COULD occur from an auto-opened dmg file. But until it has actually been demonstrated with functioning malware that this CAN be done, then I don't believe it. It's one thing to say you could land a man on the moon -- but it's quite another to actually do it.

    BTW, Secunia makes their living selling security software. Is it little wonder that they gave this "exploit" a "Highly Critical" warning? These guys are jonesing so hard for an OS X virus - I wouldn't be surprised to learn they are trying to write one themselves.
  10. SMM macrumors 65816


    Sep 22, 2006
    Tiger Mountain - WA State
    You and I are of alike minds. If I were a company like MS/Apple and a virus/malware was unleashed, using an exploit published by someone like Secunia, I would sue them out of existence as facilitators, or even charge them with accessories. The feds should take a few weeks off from busting pot smokers and focus on putting these jerks out of business.
  11. bousozoku Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    I'd rather have the world know than living unsafe in the knowledge that some vulnerability might exist.

    It's good for Apple to get these things under control, as much as they can.

    If someone opens the disk image on their own, it's not Apple's fault. If people choose to enable the "open safe files" option, that's not Apple's fault either. Having the option enabled to start is just asking for trouble. They turned it off in the past. Why did someone think that it was okay to enable it by default?
  12. Peace macrumors P6


    Apr 1, 2005
    Space--The ONLY Frontier
    This is REALLY old..

    What are these guys doing recycling the 2 known bugs each week to fit into their month of apple bugs?
  13. cwt1nospam macrumors 6502a

    Oct 6, 2006
    Yes, and they don't care that there is no exploit for the vulnerability. They're going to call it an exploit anyway. :rolleyes:

Share This Page