Potential Safari \'fix\'

An avid Mac user today released a small program called Safe Terminal (untested/not verified) that claims to protect against the recently-discovered 'safe execution' vulnerability in Safari, one that can allow remote system access. The flaw, reported earlier this week and confirmed yesterday by Symantec, takes advantage of an automatically selected option to "open safe files" after downloading. According to the author, Safe Terminal fixes a security weakness with the Terminal utility, preventing the execution of scripts without the user's permission. The author of the fix also says it's possible for malicious users to create "plain files," that will be executed by Terminal when double-clicked without warning. Safe Terminal guards against both of these issues, but will not execute .command and .term files, nor will a new shell window open when launching Terminal.app. Safe Terminal is available for free via download. Apple, which typically does not respond to revealed security threats, has yet to release its own patch for the flaw.

While Symantec Security Response rates the vulnerability as high severity, it says there is no known exploit currently targeting this vulnerability.

"The issue exists because of an error when processing file association metadata. This metadata is contained in the '.__' file contained within an archive and extracted to the '__macosx' directory," according to the company. "Successful exploitation can allow a malicious script file to be renamed with a safe extension in order to trick a user into believing that the file is safe. This issue is considered to be remotely exploitable in nature because the Safari Web browser will automatically open ZIP archives when downloaded. Mac OS X (version 10.4) is reported to be vulnerable to this exploit. Earlier versions may also be affected."

Symantec (and security firm Secunia) recommend turning off the “Open ‘safe’ files after downloading” feature in the Web browser software to protect themselves.

by MacNN Staff