[X4U] FW: US-CERT Technical Cyber Security Alert TA06-053A -- Apple Mac OS X Safari Command Execution Vulnerability
Stroller
macmonster at myrealbox.com
Thu Feb 23 14:30:32 PST 2006
There's a sample 'sploit at http://secunia.com/mac_os_x_command_execution_vulnerability_test/
It's safe to try & shows my system as vulnerable (but I'm using
Firefox right now, so it's not an immediate concern).
Stroller.
On 23 Feb 2006, at 17:45, richard.gilmore wrote:
>
> This came to my email this morning. Does anybody know anything
> about it?
>
>> National Cyber Alert System
>>
>> Technical Cyber Security Alert TA06-053A
>>
>>
>> Apple Mac OS X Safari Command Execution Vulnerability
>>
>> ...
>> I. Description
>>
>> Apple Safari is a web browser that comes with Apple Mac OS X. The
>> default configuration of Safari allows it to automatically "Open
>> 'safe' files after downloading." Due to this default configuration
>> and inconsistencies in how Safari and OS X determine which files are
>> "safe," Safari may execute arbitrary shell commands as the result of
>> viewing a specially crafted web page.