brainslicer Postad 21 November , 2007 Rapport Postad 21 November , 2007 Mac användare bör inte öppna mailbilagor: Apple Mail Command Execution Vulnerability Secunia Advisory: SA27785 Release Date: 2007-11-22 Critical: Highly critical Impact: System access Where: From remote Solution Status: Unpatched OS:Apple Macintosh OS X Description:A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of unsafe file types in email attachments. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. ".jpg") to execute arbitrary shell commands when the attachment is double-clicked. This is related to vulnerability #8 in: SA19064 The vulnerability is reported in Apple Mail included in Apple Mac OS X 10.5 (Leopard). Solution: Do not open attachments from untrusted sources. info från andra sajter:Apple Mac OS X Mail Arbitrary Code Execution Vulnerability Sårbarhet i Apple Mac OS X editerade om när secunia infon släpptes Citera
brainslicer Postad 22 November , 2007 Författare Rapport Postad 22 November , 2007 En bump för att uppmärksamma mac användare... Citera
enhetsmatris Postad 24 November , 2007 Rapport Postad 24 November , 2007 Tack för tipset. På heise-securitys hemsida (hittas via OPs första länk) kan man testa om man är utsatt. Jag kör Leopard med senaste uppdateringarna och när jag fick ett testmail av heise-security och öppnade den bifogade filen (.jpg) så exekverades mycket riktigt ett shellscript i terminalen. Vidöppet med andra ord. Citera
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.