Information Security News mailing list archives

Macintosh Users Warned Of IE 5.1 Browser Security Hole


From: InfoSec News <isn () c4i org>
Date: Fri, 26 Oct 2001 04:55:43 -0500 (CDT)

http://www.newsbytes.com/news/01/171468.html

By Steven Bonisteel, Newsbytes
REDMOND, WASHINGTON, U.S.A.,
24 Oct 2001, 11:40 AM CST

Some users of the Apple Macintosh OS X operating system and
Microsoft's Internet Explorer browser are being warned that
downloading certain kinds of files could open a security hole in their
systems.

Redmond, Wash.-based Microsoft announced in a security bulletin
Tuesday that the combination of OS X and version 5.1 - and possibly
earlier versions - of its IE browser allows executable programs
encoded as BinHex and MacBinary files to run automatically after being
downloaded.
 
The vulnerability could allow a hacker to deliver a malicious program
to unsuspecting users who download the file from an Internet server.

The MacBinary format is designed to permit the resource and data forks
associated with many Macintosh files to be transmitted via modem or
network links in a single package. BinHex allows binary files to be
encoded as plain-text files suitable for transfer by e-mail.

Applications for Apple's operating systems are frequently served up
using Web and FTP (file transfer protocol) servers employing a
combination of both formats.

Microsoft said users can easily disable the execution of programs
downloaded in those formats by changing settings within the IE browser
that would disable the automatic decoding of BinHex and MacBinary
files. However, it said, automatic decoding is currently the default
setting.

The company said the problem may also exist in versions of the
Explorer browser prior to 5.1, but, since earlier versions of the
browser for Mac OS X are not supported by Microsoft, they were not
tested.

More information and a patch to fix the problem can be found here:
http://www.microsoft.com/technet/security/bulletin/ms01-053.asp



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
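
As an added illustration (not part of the Newsbytes article or the Microsoft bulletin), the Python sketch below shows how a download filter could recognise the two wrapper formats the article describes and flag a MacBinary file whose Finder type marks it as an application. The function names and sample data are hypothetical and constructed here; the check covers the BinHex 4.0 banner and MacBinary II/III headers only.

```python
import binascii
import struct

BINHEX_BANNER = b"(This file must be converted with BinHex 4.0)"

def classify_download(data: bytes) -> dict:
    """Report whether a download is a BinHex 4.0 or MacBinary II/III wrapper."""
    result = {"format": "other", "file_type": None, "is_application": False}
    # BinHex 4.0 is plain text: a fixed banner precedes the ':'-delimited payload.
    if BINHEX_BANNER in data[:1024]:
        result["format"] = "binhex4"  # inner file type is only known after decoding
        return result
    hdr = data[:128]
    # MacBinary: 128-byte header, bytes 0/74/82 are zero, name length is 1..63.
    if len(hdr) < 128 or hdr[0] or hdr[74] or hdr[82] or not 1 <= hdr[1] <= 63:
        return result
    # MacBinary II/III store a CRC-16 (poly 0x1021, init 0) of bytes 0..123.
    stored_crc = struct.unpack(">H", hdr[124:126])[0]
    if binascii.crc_hqx(hdr[:124], 0) != stored_crc:
        return result  # MacBinary I (no CRC) is deliberately not matched here
    data_len, rsrc_len = struct.unpack(">II", hdr[83:91])
    result.update(
        format="macbinary3" if hdr[102:106] == b"mBIN" else "macbinary2",
        file_type=hdr[65:69].decode("mac_roman", errors="replace"),
        creator=hdr[69:73].decode("mac_roman", errors="replace"),
        data_fork_len=data_len,
        resource_fork_len=rsrc_len,
    )
    # Finder type 'APPL' marks a classic Mac OS application.
    result["is_application"] = result["file_type"] == "APPL"
    return result

def build_sample_macbinary(name: bytes, ftype: bytes, creator: bytes, data: bytes) -> bytes:
    """Constructed MacBinary II sample (data fork only) used for the demo."""
    hdr = bytearray(128)
    hdr[1] = len(name)
    hdr[2:2 + len(name)] = name
    hdr[65:69], hdr[69:73] = ftype, creator
    hdr[83:87] = struct.pack(">I", len(data))
    hdr[122] = hdr[123] = 129  # MacBinary II version bytes
    hdr[124:126] = struct.pack(">H", binascii.crc_hqx(bytes(hdr[:124]), 0))
    return bytes(hdr) + data

if __name__ == "__main__":
    demo = build_sample_macbinary(b"Installer", b"APPL", b"????", b"\x00" * 16)
    print(classify_download(demo))
    print(classify_download(BINHEX_BANNER + b"\r\n\r\n:constructed-sample:\r\n"))
```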

