toggle

AAPL Stock: 497.67 ( 0 )

Trojan flaw persists in Mac OS X

updated 12:40 pm EST, Tue March 7, 2006

Trojan flaw persists


Although Apple last week released a patch to address the Mac OS X zero-day exploit, it does not completely solve the problem, leaving some users open to further attacks. Last week's security update fixed more than a dozen different security holes, addressed a few exploits by concept worms, and addressed a few other unpublished security issues, according to Apple's own documentation. However, the new "download validation"--which warns users that the file may be malicious--does not completely solve the widely touted, 'extremely critical' Mac OS X zero-day exploit that allows hackers to disguise malicous files as routine files, thus allowing Safari browser or other internet application to automatically unpack and execute the file. While the patch offers a checkpoint for most using Safari, iChat, or Mail, it does not protect users that use other third-party internet programs and does not alert users users who have disabled the "Open safe files after downloading" option.

lower, operating system level, experts said. It is now still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application."

Apple confirmed that it was still possible to disguise files.

"It is definitely possible on the Mac and on any platform to create an application and try to pretend that it is something that its not. That's the definition of Trojans," Philip Schiller, Apple's senior vice-president of worldwide product marketing, told ZDnet in an interview. "There are Trojans in the world, I have yet to see a successful one on the Mac, but there are such things in the world as Trojans."

Experts say that Apple's patch was the first step and that it must release other updates to address the core problem. "Apple's security fix is an important first step, said Michael Lehn, doctoral candidate and research assistant at the University of Ulm in Germany. 'I think Apple did the right thing,' said Lehn, who first disclosed the Mac OS X vulnerability. 'The fact that a script gets executed automatically had to be fixed immediately. They just have to go further.'"

The warning is not enough for many users, according to readers and the 'download and install' problem has plagued Mac OS X for a few years, according to the report.


by MacNN Staff

print
email
(10)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. tomodachi

    Fresh-Faced Recruit

    Joined: Apr 2002

    0
    03/07, 12:58pm | report spam | Reply |

    From ZDNet

    Last paragraph:

    ------------ Such security issues are, of course, not exclusive to the Mac. If a user can be tricked into downloading and opening a file, that user's system can be compromised. "This is true regardless of the operating system being used. It is a universal vulnerability," Long said. ------------

    Uhh, yeah, so . . . well, I guess thank you ZDNet and MacNN for this . . . ah, non-news (yet again).

  1. resuna

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    03/07, 12:59pm | report spam | Reply |

    There are no "SAFE" fil

    Yes, you can disguise files in Mac OS. This is not a major problem... you can't completely disguise files in Windows and people are still social-engineered into running viruses. You can't stop social-engineering, except by teaching people that downloaded files are *never* safe.

    So quit calling the option "open safe files after downloading". Change it to "display downloaded file in secure application" and stop using standard LaunchServices to launch the application. Provide a "WebServices" API, or an "untrusted" flag, and limit THAT list to applications that are designed to open "untrusted" files.

    AND... to stop this attack... if there's any handler for DMG files, ZIP files, and other "wrapper" files in this "WebServices" database... it must NOT maintain metadata.

  1. HowardG

    Fresh-Faced Recruit

    Joined: Mar 2001

    0
    03/07, 01:01pm | report spam | Reply |

    Apple did their job....

    ....since when are they responsible for other software company products that may not warn you like they should?

    They lead by example and they have stepped up and done it with MacOSX and Safari.

    Its the users responsibility to make sure they don't open files they don't know are safe.

    Take some ownership and responsiblity for your machine folks, sheesh.

  1. ibugv4

    Fresh-Faced Recruit

    Joined: Jun 2003

    0
    03/07, 03:07pm | report spam | Reply |

    oh howardg..

    you don't get it. people are never to blame, some CEO is. This is America, I'm ALWAYS right and they're always wrong!

  1. jhorvatic

    Fresh-Faced Recruit

    Joined: Apr 2005

    0
    03/07, 08:55pm | report spam | Reply |

    Sounds like the 3rd party

    Sounds like the 3rd party developers have a flaw not Apple.

  1. ClevelandAdv

    Fresh-Faced Recruit

    Joined: Jul 2004

    0
    03/07, 11:01pm | report spam | Reply |

    OS X Virus

    Has any Mac been infected by a virus or trojan or worm while running OS X? I keep seeing these stories but none of them ever mention an actual infection of any machines. I think all Mac virus stories will continue to be non-stories until a Mac is actually infected.

  1. JoeE

    Fresh-Faced Recruit

    Joined: Feb 2006

    0
    03/08, 08:51am | report spam | Reply |

    Reporting Infections

    In order to maintain the image of invicibility, it's extremely easy to shrug off the fact that one's own Mac has been infected.

    Besides, any Mac user who is stupid enough to get their Mac infected probably wouldn't let others know. That's what I call, "a user who is experiencing FUD from the Mac community itself for his/her own stupidity."

    So, no, you won't hear anyone you know admit that their Mac has been truly infected with malware. And, even if they do make the admission, it's shrugged off as no big deal. Of course, all malware for the MacOS can be considered quite minor. However, the fact remains that the machine itself was infected.

  1. JoeE

    Fresh-Faced Recruit

    Joined: Feb 2006

    0
    03/08, 09:25am | report spam | Reply |

    You mean Apple cares not?

    ....since when are they responsible for other software company products that may not warn you like they should?

    They lead by example and they have stepped up and done it with MacOSX and Safari.

    Its the users responsibility to make sure they don't open files they don't know are safe.

    Take some ownership and responsiblity for your machine folks, sheesh.

    posted by HowardG

    You're right, Howard. Users need to be more responsible for the performance of their machines. To do so otherwise can be quite costly on many levels.

    On the other hand, Apple has a vested interest in the overal performance of their products. They choose carefully which manufacturers have the privilege of having their parts inside a Mac, iPod, or any other Apple product. The same goes for any software that has been made compatible for the MacOS platform. There are legal implications when a 3rd-party vendor puts the Macintosh name on their own products, indicating that it is Mac-compatible. After all, the better the two products work together, the more Apple can say that their machines outperform PCs using certain software which is proven especially in multimedia apps.

    I'd say that in the bigger scheme of things, BOTH Apple and the end-user are responsible for the overall performance of the Mac.

  1. technohedz

    Fresh-Faced Recruit

    Joined: Jul 2000

    0
    03/13, 08:21pm | report spam | Reply |

    okee jokkee

    That weird ego trip thing might be what's up w/ the linux world or something, but I wholeheartedly disagree with you.

    Unless you are completely isolated, you will find people who know more or less than you do about computers. Those who use a mac and know less than you will whine about every little thing and tell you right away (actually 'something') deleted my applications folder.

    Sometimes people may not even know they've been compromised by anything in particular and just say 'something is broken'.

    Duh..'it won't happen to me if I don't think about it or tell anyone' Sorry, heard too many complaints to buy into that.

    Why LaunchServices is becoming the proverbial 'registry' on Apple's back is beyond me. In a few months you won't be able to talk about locking an application down without some ignorant fool saying 'oh, but all someone has to do is change an entry in LaunchServices to get past that'. It's about time Apple admits they need to stop bs'ing people.

    If I drag an executable onto an application I can read it instead of executing it. With the exception of opening from within the Application file menu, there is no safer way. If you want to implement safety then change the method by which files are opened without user intervention. Not very difficult...unless you're saving security for 10.5

  1. grener

    Banned

    Joined: Jul 2006

    0
    08/11, 05:41am | report spam | Reply |

    qs

    81i | 81i1 | 81i2 | 81i3 | 81i4 | 81i5 | 81i6 | 81i7 | 81i8 | 81i9 | 81i10 | 81i11 | 81i12 | 81i13 | 81i14 | 81i15 | 81i16 | 81i17 | 81i18 | 81i19 | 81i20 | 81i21 | 81i22 | 81i23 | 81i24 | 81i25 | 81i26 | 81i27 | 81i28 | 81i29 | 81i30 | 81i31 | 81i32 | 81i33 | 81i3

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News