Triple threat to Mac OS X largely academic

Triple threat to Mac OS X largely academic
Robert Lemos, SecurityFocus 2006-02-24

At first blush, the past two weeks have not been good for the image of Apple's Mac OS X: Public descriptions of two worms and a trivial exploit for a serious software issue in the operating system appeared on the Internet.

Expand all | Post comment

Triple threat to Mac OS X largely academic 2006-02-24
Penguinisto

Triple threat to Mac OS X largely academic 2006-02-24
Anonymous (1 replies)

I'd hardly call a browser drive-by that downloads and executes an arbitrary program "largely academic". Nor is a flaw whereby the OS gives every indication that a file is harmless (in this example it looks like a jpeg), but treats it as an executable when opened from the email reader, "largely academic".

These are precisely the sorts of braindead flaws that Microsoft has (mostly) corrected over the past 3-4 years.

A proof of concept virus for the same basic problem was released years ago - there, a file that looked like an mp3 was actually an executable, and when opened, it even maintained the illusion by playing correctly in iTunes.

That should have been enough of a wakeup call for Apple to sort out the muddle of legacy that is file metadata in OS X.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11378/33266#33266

Re: Triple threat to Mac OS X largely academic 2006-03-11
Anonymous

Triple threat to Mac OS X largely academic 2006-02-24
Juha-Matti Laurio