[X4U] FW: US-CERT Technical Cyber Security Alert TA06-053A --
Apple Mac OS X Safari Command Execution Vulnerability
Mike Panas
mpanas at callatg.com
Thu Feb 23 14:58:21 PST 2006
Thanks for this. I did the test and Calculator.app did not launch.
However, Speed Download did, but I don't yet know what, if anything,
it downloaded. I followed the advice in yesterday's osxhints and I
guess it worked.
Mike
On Feb 23, 2006, at 2:30 PM, Stroller wrote:
> There's a sample 'sploit at
> http://secunia.com/mac_os_x_command_execution_vulnerability_test/
> It's safe to try & shows my system as vulnerable (but I'm using
> Firefox right now, so it's not an immediate concern).
>
> Stroller.
>
>
> On 23 Feb 2006, at 17:45, richard.gilmore wrote:
>>
>> This came to my email this morning. Does anybody know anything
>> about it?
>>
>>> National Cyber Alert System
>>>
>>> Technical Cyber Security Alert TA06-053A
>>>
>>>
>>> Apple Mac OS X Safari Command Execution Vulnerability
>>>
>>> ...
>>> I. Description
>>>
>>> Apple Safari is a web browser that comes with Apple Mac OS X. The
>>> default configuration of Safari allows it to automatically "Open
>>> 'safe' files after downloading." Due to this default configuration
>>> and inconsistencies in how Safari and OS X determine which files are
>>> "safe," Safari may execute arbitrary shell commands as the result of
>>> viewing a specially crafted web page.