Re: Re: Question about Mac OS X 10.4 Security

[Paul Schmehl <pauls () utdallas edu>]

--On Thursday, March 02, 2006 08:57:18 +1100 mz4ph0d () gmail com wrote:
> Sorry to spoil everyone's fun.
> <http://docs.info.apple.com/article.html?artnum=303382>
>
> Maybe, just maybe, Apple are actually better (able/positioned) to
> respond quickly to vulnerabilities before the exploits in-the-wild
> affect more than 50 people? Who knows.
It doesn't look like it.  They seem to have addressed the vulnerability as 
it applies to Safari, but not the underlying vulnerability.  If I send you 
an email, with a zip attachment (naming and extension is irrelevant), and I 
can get you to attempt to open the attachment (fairly trivial with many 
users), I can execute abitrary code on your machine.  The only 
"restriction" is that, if I attempt to execute code that requires admin 
privileges, I'd have to convince you to type in your password (again, 
fairly trivial for most users.)

So, Apple hasn't fully addressed this problem yet.  (Trust me, I've tested 
it.)  If you are responsible for Macs and you haven't read this yet, you 
need to:

<http://isc.sans.org/diary.php?storyid=1138&rss>  (Don't click the PoC link 
if you're using a Mac!)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/