Security
Concerning the OS X vulnerability
February, 23 2006 08:08 PM
In recent days we've been seeing a lot of press regarding newly discovered vulnerabilities in Apple's Safari web browser. My response can be summed up as: no need for panic, just be aware. In particular, be aware of any file that you download, whether it comes from a web browser, email, or iChat.
Next, let's be clear that this is more a vulnerability of Mac OS X than it is of Safari. If you do use Safari, I suggest a quick trip to its Preferences. Go to the General tab and uncheck the "Open safe files after downloading" checkbox. Turning off this option means you will have to expand downloaded files yourself.
So, to reiterate: be careful with downloaded files! If you download and expand an archive that contains a malicious script, and you then open that script, which is masquerading as another kind of file, it will still do whatever damage it would have done automatically. The thing to remember about this vulnerability is that it requires action on your behalf to do the damage. Know the source of your files, and until this is fixed remember that the file which seems to be a jpg or tiff or whatever may not be so.
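One way to check an expanded archive before opening anything in it, as an added example that is not part of the original post: the script below compares each file's leading bytes with what its jpg or tiff extension claims and reports mismatches. The function names and the sample files are constructed for illustration, and the check looks only at file content, not at any other metadata the system may use to choose an application.

```python
import os
import tempfile

# Leading bytes expected for each claimed extension (JPEG, and both TIFF byte orders).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
}

def check_file(path):
    """Return None if the content matches the extension, else a short reason."""
    ext = os.path.splitext(path)[1].lower()
    expected = MAGIC.get(ext)
    if expected is None:
        return None  # extension not covered by this check
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(expected):
        return None
    if head.startswith(b"#!"):
        return "script (starts with #!) named as " + ext
    return "content does not look like " + ext

def scan(root):
    """Walk an expanded archive and return {relative path: reason} for mismatches."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = check_file(full) if os.path.isfile(full) else None
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Build a constructed sample directory and scan it."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",        # genuine JPEG header
        "scan.tiff": b"II*\x00\x08\x00\x00\x00",                 # genuine TIFF header
        "holiday.jpg": b"#!/bin/sh\necho constructed sample\n",  # script, not an image
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Calling `scan()` on the folder an archive was expanded into lists every file whose content disagrees with its image extension; an empty result only means the extensions it knows about matched.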
You can find more in this post by John Gruber over at Daring Fireball or in this post by Rosyna at Unsanity's blog. Both are very well written descriptions of the underlying problem, and it definitely is a problem. Apple needs to fix this.
Technorati Tags: Apple, OS X, OS X Vulnerability, OS X Security