Linked by Amjith Ramanujam on Thu 24th Jul 2008 18:01 UTC, submitted by Ward D
Bugs & Viruses Mac Antivirus developer Intego might have stumbled across an OS X specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability. From Intego's posting, it appears that an enterprising auctioneer seems determined to make sure that his name is one that is not forgotten when it comes to Apple security, claiming that his exploit is a poisoned ZIP archive that will "KO the system and Hard Drive" when unarchived.
Thread beginning with comment 324453
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Hardly likely
by tomcat on Fri 25th Jul 2008 00:10 UTC in reply to "Hardly likely"
tomcat
Member since:
2006-01-06

That is hardly likely. A vulnerability in zip-whatever (e.g. bomarchivehelper) won't lead to control of the system.


HTF can you conclude that? You don't have any idea where the ZIP decompression is called from. If it's running in privileged code, then you DO have a problem that can lead to control of the system.

Reply Parent Score: 2

RE[2]: Hardly likely
by SReilly on Fri 25th Jul 2008 16:00 in reply to "RE: Hardly likely"
SReilly Member since:
2006-12-28

HTF can you conclude that? You don't have any idea where the ZIP decompression is called from. If it's running in privileged code, then you DO have a problem that can lead to control of the system.

Where the f*** have you ever seen a decompression utility running privileged code? Oh, I forgot, you come from a windows centric world.

Try a real platform some time ;-P

Reply Parent Score: 1