Welcome to WebmasterWorld Guest from 54.162.109.245

Forum Moderators: incrediBILL

Message Too Old, No Replies

Mac OS X flaw affects Safari surfers

"open safe" isn't

     
12:04 am on Mar 3, 2007 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10551
votes: 10


reposted here due to broken link.

details in CNET News.com [news.com.com].

2:36 am on Mar 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


This seems to be key:

It affects Mac OS X 10.4.8, the most recent version of Apple's operating system and, possibly, previous versions...

The flaw can be exploited if the Mac user has enabled an option in Safari to "open safe files after downloading," Secunia said in an advisory Thursday. The security company has rated the problem "highly critical."

"It is never good to have something open automatically when you download it, so users should disable this automatic feature in Safari," said Thomas Kristensen, Secunia's chief technology officer.

2:43 am on Mar 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 10, 2006
posts:661
votes: 0


This has happened before and been patched. Time for a new patch methinks.
9:03 am on Mar 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 5, 2001
posts:2723
votes: 0


These type of issues open up for fun scripts to be exploited while executing the vulnerability as well as spyware and root access type threats. make sure to follow the apple updates.
11:13 am on Mar 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 26, 2004
posts:1497
votes: 0


The original story is from the middle of January. Weren’t fixes for these included in Apple’s 2007-02 security update?

Regardless, anyone using Safari should turn off the ‘open safe’ feature. It’s just waiting for more attacks.

11:23 am on Mar 3, 2007 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10551
votes: 10


this wasn't intended to be new news.
this was originally posted in january.
the link to the nytimes "reprint" article became nonfunctional so it was reposted with the link to the originial cnet news article for historical/archive purposes.
4:54 pm on Mar 3, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 11, 2005
posts:78
votes: 0


this wasn't intended to be new news

Yeah, I was surprised to see it on the home page of Webmasterworld.com. I guess it is good, though, that someone thinks that a security hole in Safari/OS X is front-page news-worthy. I don't think this hole was ever exploited...at least not on a major scale. In addition, it is good that a patch was released a few months ago...

1:40 am on Mar 4, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member billys is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 1, 2004
posts:3181
votes: 0


Oh my, something wrong with Mac. Guess I might as well stick with Windows.
4:44 am on Mar 4, 2007 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10551
votes: 10


Oh my, something wrong with Mac.

and it makes front page news when it happens.
this is so hohum for ms users...