[X4U] FW: US-CERT Technical Cyber Security Alert TA06-053A -- Apple Mac OS X Safari Command Execution Vulnerability

Mike Panas mpanas at callatg.com
Thu Feb 23 14:58:21 PST 2006


Thanks for this. I did the test and calculator .app did not launch.  
However, speed download did, but I don't yet know what, if anything,  
it downloaded. I followed the advice in yesterday's osxhints and I  
guess it worked.
Mike
On Feb 23, 2006, at 2:30 PM, Stroller wrote:

> There's a sample 'sploit at
> http://secunia.com/mac_os_x_command_execution_vulnerability_test/
> It's safe to try & shows my system as vulnerable (but I'm using  
> Firefox right now, so it's not an immediate concern).
>
> Stroller.
>
>
> On 23 Feb 2006, at 17:45, richard.gilmore wrote:
>>
>> This came to my email this morning. Does anybody know anything  
>> about it?
>>
>>>                          National Cyber Alert System
>>>
>>>                  Technical Cyber Security Alert TA06-053A
>>>
>>>
>>> Apple Mac OS X Safari Command Execution Vulnerability
>>>
>>> ...
>>> I. Description
>>>
>>>     Apple Safari is a web browser that comes with Apple Mac OS X. The
>>>     default configuration of Safari allows it to automatically "Open
>>>     'safe' files after downloading." Due to this default configuration and
>>>     inconsistencies in how Safari and OS X determine which files are
>>>     "safe," Safari may execute arbitrary shell commands as the result of
>>>     viewing a specially crafted web page.
>