funsec mailing list archives

Serious Flaw on OS X in Apple Safari


From: "Fergie" <fergdawg () netzero net>
Date: Tue, 21 Feb 2006 01:09:06 GMT

Via the SANS ISC Daily Handler's Diary.

[snip]

We received notice from Juergen Schmidt, editor-in-chief at heise.de, that a serious vulnerability has been found in Apple Safari on OS X. "In its default configuration shell commands are execute[d] simply by visiting a web site - no user interaction required." This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862

Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

[snip]

http://isc.sans.org/diary.php?storyid=1138

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

