Another (nasty) OS X vulnerability

Richard Harper spotted this little nasty and sent a heads-up to a mailing list I monitor:

http://www.heise.de/english/newsticker/news/69862

"The demo attempts to open a Terminal window to display the contents of a folder.  If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user. At this point, no web pages are known to misuse this vulnerability. However, this could change quickly."

Cross-reference - Mac OS X viruses disclosed:
http://msmvps.com/blogs/spywaresucks/archive/2006/02/17/83978.aspx

 

Comments

# It gets worse - OS X vulnerability

Tuesday, February 21, 2006 4:16 AM by Spyware Sucks
Update: ICSAN says it is worse than first thought: http://isc.sans.org/
"This actually looks more serious...

# It gets worse - OS X vulnerability

Tuesday, February 21, 2006 4:18 AM by Spyware Sucks
Update: ICSAN says it is worse than first thought: http://isc.sans.org/diary.php?storyid=1138
"This actually...

# It gets worse - OS X vulnerability

Tuesday, February 21, 2006 4:51 AM by Spyware Sucks
Update: ICSAN says it is worse than first thought: http://isc.sans.org/diary.php?storyid=1138
"This actually...

# It gets worse - OS X vulnerability

Tuesday, February 21, 2006 4:52 AM by Spyware Sucks
Update: ICSAN says it is worse than first thought: http://isc.sans.org/diary.php?storyid=1138
"This actually...