IRT > HelpCentral > Mac OS X - Safari Security Alert (February 21, 2006)

IRT

  • NEWS!!
  • About IRT
  • Facilities
  • Policies
  • Strategy
  • Metrics
  • Tech Updates

    • SERVICES

  • Computer Accounts
  • Computer Marketplace
  • Mass Mailing
  • Music Select
  • Telephone Services
  • Bb/Vista
  • Workshops

    • SUPPORT

  • HelpCentral
  • Networking
  • System Status
  • The Computer Fixer
  • Web/Media Support
  • Virus Information

    • SEARCH IRT:
     

    CONTACT IRT

    IRT SITEMAP

     

    Mac OS X - Security Alerts

    Two Mac OS flaws have been identified this week. First is a worm called OSX.Inqtana.A, which spreads through a vulnerability in OS X via Bluetooth. The worm attempts to use Bluetooth connections to spread by searching for other devices using Bluetooth that will accept requests for a connection when the computer is restarted. Its specific name is the BlueTooth Directory Traversal Vulnerability. Up-to-date virus definitions and current system updates will address this flaw as well as generally following safe computing practices. This is a low threat level, according to Symantec Anti-Virus.

    Safari Security Alert (February 21, 2006)

    Another flaw has been discovered that could allow an attacker to execute malicious code on a Mac OS X machine.  The flaw is not actually a software bug, but rather an insecure default setting in Apple's Safari web browser.  This vulnerability does not occur in alternate web browsers such as Firefox or Camino because neither browser supports automatic execution of files by default as does Safari.

    By default, Safari is configured to automatically open what it considers to be "safe" files.  Some of these "safe" files, though, have the potential to be "unsafe".  It's been shown that an attacker could essentially encapsulate malicious code into a file that appears to be one of the "safe" file types (such as a image or audio file).  Upon download, the file would be opened and the code executed.  Please note that, at this time, no specific exploits have been reported, but there are still steps that should be taken to protect your system.

    • Click the Safari menu, then Preferences, and uncheck the box next to Open "safe" files after downloading (as seen below).  This will prevent downloaded files from automatically opening, which means that you'll need to know where the files go in order to find and open them.  The default file download location is the Desktop, but you can choose another location using the Save downloaded files to: drop-down box if you'd like.  The important thing to remember is that you'll need to manually double-click downloaded files in order to open them.  This may seem inconvenient, but not making this change leaves your system vulnerable.
    • Another step that you may want to take just to be extra sure that you won't fall victim to this vulnerability is to move the Terminal application.  This vulnerability relies on an attacker encapsulating a specially designed "shell script" into a file with a recognized extension (such as .jpg or .mov) and then creating a zipped archive.  With the Open "safe" files after downloading option enabled, Safari believes the file to be safe, so it opens it and the shell script executes in the Terminal application.  By moving Terminal from its default location (Macintosh HD > Applications > Utilities) to another location (say, Macintosh HD > Applications), the shell script won't be able to locate Terminal and therefore won't be able to execute. 

    For more information, please see the following links or call the IRT Help Desk at 215-895-2698:

     

     Modified: February 25, 2008 Home Contents Index Contact Us Search Feedback / Corrections