Linked by Thom Holwerda on Wed 22nd Feb 2006 13:05 UTC
The weak point in Apple's Mac OS X operating system is apparently worse than originally thought. In addition to attacks via the Safari web browser, Apple Mail also executes scripts without asking in certain circumstances. It suffices to disguise a script with the ending "jpg" and assign the Terminal application for opening it. If this script is then sent in the AppleDouble format as an attachment, the information is passed along so that the recipient's system also opens it with the Terminal. Apple Mail displays the attachment with a JPG file symbol, but when users click on it, the script executes within Terminal without further prompting. Update: Heise is right.
Thread beginning with comment 98440
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-11-15
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-06
you are a troll.