SysChat

SysChat (http://www.syschat.com/forum.php)
-   News (http://www.syschat.com/news/)
-   -   Severe security hole in Apple Safari Browser (http://www.syschat.com/severe-security-hole-apple-safari-browser-364.html)

Sami 02-21-2006 08:40 PM

Severe security hole in Apple Safari Browser
 
A new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.

Once again the Safari option “open ’safe’ files automatically after download” bears the blame. If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore - it’ll just execute it anyways. Unfortunately you can simply rename a shellscript without a Shebang-row to known-good filetype extensions like JPG or PNG and put that renamed script into a ZIP file - zipping as well an administrative file that’ll connect that file with the shell. A target Mac then “knows” automatically how to open that file if it receives that ZIP - it’ll take it as totally normal to execute the “jpg file” with the shell.

Continue at Source ...

Source: 4null4.de

JadedSage 02-27-2006 08:33 PM

I'm not a Mac user (wish I was, though), but I'm not surprised to hear this news. Happened with Firefox, too. All part of the growth process. :)


All times are GMT -4. The time now is 12:16 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54