View this article at: http://dev.macnn.com/articles/06/03/07/trojan.flaw.persists
Tuesday, Mar 07, 2006 12:40pm

Trojan flaw persists in Mac...

Although Apple last week released a patch to address the Mac OS X zero-day exploit, it does not completely solve the problem, leaving some users open to further attacks. Last week's security update fixed more than a dozen different security holes, addressed a few exploits by concept worms, and addressed a few other unpublished security issues, according to Apple's own documentation. However, the new "download validation"--which warns users that the file may be malicious--does not completely solve the widely touted, 'extremely critical' Mac OS X zero-day exploit that allows hackers to disguise malicous files as routine files, thus allowing Safari browser or other internet application to automatically unpack and execute the file. While the patch offers a checkpoint for most using Safari, iChat, or Mail, it does not protect users that use other third-party internet programs and does not alert users users who have disabled the "Open safe files after downloading" option.

lower, operating system level, experts said. It is now still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application." Apple confirmed that it was still possible to disguise files. "It is definitely possible on the Mac and on any platform to create an application and try to pretend that it is something that its not. That's the definition of Trojans," Philip Schiller, Apple's senior vice-president of worldwide product marketing, told ZDnet in an interview. "There are Trojans in the world, I have yet to see a successful one on the Mac, but there are such things in the world as Trojans." Experts say that Apple's patch was the first step and that it must release other updates to address the core problem. "Apple's security fix is an important first step, said Michael Lehn, doctoral candidate and research assistant at the University of Ulm in Germany. 'I think Apple did the right thing,' said Lehn, who first disclosed the Mac OS X vulnerability. 'The fact that a script gets executed automatically had to be fixed immediately. They just have to go further.'" The warning is not enough for many users, according to readers and the 'download and install' problem has plagued Mac OS X for a few years, according to the report.