'Serious Flaw' Claimed Found in Mac OS
German technology site Heise Online reported Monday that a serious flaw has been discovered within Mac OS X. The vulnerability could put users in danger of falling victim to a scripting attack, say security experts. But like the previous "virus" reported last week, manual interaction is required.
The danger exists in how a specially designed binary file is written. To the untrained eye, the file may appear as a normal QuickTime .mov for example, but will actually open up the operating system's Terminal application and execute scripting commands.
The malicious script could be given any extension -- such as .jpg, .gif, .wmv, and so on -- that would make it appear as a normal, safe file. However, a metadata file associated with the script would open it using Terminal rather than the expected application.
While originally thought to primarily affect Safari users who have "Open 'safe' files after downloading" enabled, the SANS Internet Storm Center later noted that by simply unzipping the file from any source and manually running it would put a user at risk.
Users could uncheck the option within Safari, says SANS, but it would not prevent the user from running the files on their own.
"When this script was stored in a ZIP archive, Mac OS X will add a binary metadata to the archive. This file determines what will be used to open the main file in the archive, regardless of the extension or symbol displayed in the Finder," said SANS.
Heise Online said as of Monday it knew of no Web site taking advantage of this vulnerability, although added, "this could change quickly."
The discovery of the problem comes just days after reports of the first virus for Mac OS X. However, both Apple and enthusiasts of the platform dismissed the notion, saying malicious software was different from a virus. Exploiting this new flaw ostensibly requires a similar level of user interaction.
Apple recommends that users practice safe browsing habits and never run questionable files in order to avoid such risks.