Focus on Apple
Re: .dmg file exploit Nov 21 2006 09:08PM
mfossi securityfocus com (2 replies)
Re: .dmg file exploit Nov 22 2006 03:05AM
Jason (security brvenik com) (1 replies)
I think there still might be a path to follow for (semi auto?) remote.

IIRC, Safari opens ftp:// as a mount in finder. I'm not in a position to
test at the moment but I suspect that the right combination is easily found.

mfossi (at) securityfocus (dot) com [email concealed] wrote:
> Yes, it's just that if 'Open "safe" files after downloading' is ebabled
> it would be slightly more automatic. While not likely to make a
> difference to advanced users, it would probably make it easier for
> novice users to be exploited.
>
> Marc Fossi
> Symantec Corp.
> www.symantec.com
>
>
> On Tue, 21 Nov 2006, Roland Dobbins wrote:
>
>>
>> On Nov 21, 2006, at 7:19 AM, mfossi (at) securityfocus (dot) com [email concealed] wrote:
>>
>>> Another reason to make sure that the 'Open "safe" files after
>>> downloading' option is unchecked in Safari.
>>
>> This is still an issue even if one downloads the .dmg and opens it
>> later, is it not?
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins (at) cisco (dot) com [email concealed]> // 408.527.6376 voice
>>
>> All battles are perpetual.
>>
>> -- Milton Friedman
>>
>>
>>
>

[ reply ]
Re: .dmg file exploit Nov 22 2006 04:04PM
Martin Roesch (roesch sourcefire com)
Re: .dmg file exploit Nov 21 2006 09:49PM
Roland Dobbins (rdobbins cisco com) (2 replies)
DNSSEC validation Sep 24 2008 07:20PM
Dave Piscitello (dave corecom com)
Re: .dmg file exploit Nov 22 2006 03:25PM
mfossi securityfocus com (1 replies)
Re: .dmg file exploit Nov 22 2006 04:04PM
Roland Dobbins (rdobbins cisco com) (1 replies)
Re: .dmg file exploit Nov 22 2006 06:02PM
Martin Roesch (roesch sourcefire com) (3 replies)
Re: .dmg file exploit Nov 22 2006 11:25PM
Eric Hall (securityfocus darkart com)
Re: .dmg file exploit Nov 22 2006 06:40PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
Re: .dmg file exploit Nov 22 2006 08:23PM
Martin Roesch (roesch sourcefire com) (1 replies)
Re: .dmg file exploit Nov 22 2006 10:44PM
stephen joseph butler (stephen butler gmail com)
Re: .dmg file exploit Nov 22 2006 06:37PM
Roland Dobbins (rdobbins cisco com) (1 replies)
Re: .dmg file exploit Nov 22 2006 08:29PM
Martin Roesch (roesch sourcefire com) (2 replies)
Re: .dmg file exploit Nov 23 2006 04:12AM
K F \(lists\) (kf_lists digitalmunition com)
Re: .dmg file exploit Nov 22 2006 08:45PM
Roland Dobbins (rdobbins cisco com) (1 replies)
Re: .dmg file exploit Nov 23 2006 10:15AM
Simon Slavin (s slavin lancaster ac uk) (1 replies)
Re: .dmg file exploit Nov 23 2006 07:53PM
K F \(lists\) (kf_lists digitalmunition com) (1 replies)
Re: .dmg file exploit Nov 23 2006 09:30PM
Howard Oakley (h oakley btconnect com) (1 replies)
Re: .dmg file exploit Nov 24 2006 03:12AM
K F (lists) (kf_lists digitalmunition com) (1 replies)
Re: .dmg file exploit Nov 24 2006 03:05PM
Simon Slavin (s slavin lancaster ac uk) (1 replies)
Re: .dmg file exploit Nov 24 2006 03:51PM
David Maynor (dmaynor gmail com) (1 replies)
Re: .dmg file exploit Nov 24 2006 03:56PM
Simon Slavin (s slavin lancaster ac uk)


 

Privacy Statement
Copyright 2010, SecurityFocus