News You Can Use
Feb 21st, 2006 at 2:36 pm by Susie
For the Mac users:
A new security vulnerability in Safari has been identified by security experts at Secunia.
The company - which rates the flaw as “extremely critical†- says that the vulnerability was discovered by a source outside the company, Michael Lehn.
It can be exploited by malicious people to compromise a user’s system, it warns.
The vulnerability is caused due by an error in the processing of file association meta data (stored in the “__MACOSX” folder) in ZIP archives.
“This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive,†Secunia warns.
It can also be exploited automatically by Safari when visiting a malicious website.
“Bring it on”
Nobody ever said Macs COULDN’T be targeted for malware. Some of the earliest viruses were written for Macs.
Today’s malware ecosystem, however, is not based on code-writer masturbation, the old “I do this because I CAN” mentality. Today’s malware is created for the most part by companies that PROFIT from it.
That’s why nearly every kind of computer pest we run across today depends upon the recipient using some combination of Windows, Internet Explorer and Outlook/Outlook Express. There’s no profit in creating anything that can only reach about 1 in 50 or so computer users.
Now that Macs are being built with Intel processors, there seems to be new interest in writing viruses to target them. The three so far announced are pretty pathetic; one requires you to unzip it and open it, another requires the malicious party to be within 10 feet of the target computer since it propagates via Bluetooth. The third one is more theoretical than anything.
As a Mac user, I’ll be watching these developments, but they won’t be keeping me up nights — or more importantly, making me spend an hour every couple of days running a variety of anti-malware programs. Many of these things are executables — and Mac OS X demands a password before it will let you install an executable program.
I use Firefox more than Safari these days, but I still keep a wary eye on malware developments. But like any computer user, regardless of platform preference, as long as one keeps a bit common sense with regard to downloading, it’s fairly safe out there.