Focus on Apple
Heise warns of flaw in Apple Mail Nov 20 2007 09:07PM
Michael Dalling (mtdalling gmail com) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 21 2007 12:17AM
Indy (ind cca smith gmail com) (1 replies)
"About 90 percent of the time, he said, the file will run with no
warning. He has yet to pinpoint what causes the dialog box to appear
sometimes and not others."

And he won't pinpoint it. It's a race condition. I found something
similar and submitted it to apple since I don't get my jollies on
publicity. That said, the sooner fixed the better.

On Nov 20, 2007, at 4:07 PM, Michael Dalling wrote:

> "The bug in Apple Mail makes it possible for attackers to run
> malicious
> code on a victim's machine by disguising an executable program as an
> image or other type of innocuous file, said Juergen Schmidt,
> editor-in-chief at Heise Security. A user can become infected simply
> by
> clicking on an attachment that looks like a jpeg image."
>
> <http://www.theregister.co.uk/2007/11/20/leopard_reintroduces_security_v
uln/
> >
>
> Heise demo:
>
> <http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail
=apple
> >
>
> --
> Michael

[ reply ]
Re: Heise warns of flaw in Apple Mail Nov 21 2007 09:16AM
Derek Chesterfield (dez mac com) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 21 2007 09:08PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 22 2007 06:32PM
Derek Chesterfield (dez mac com)


 

Privacy Statement
Copyright 2010, SecurityFocus