Safari security hole raises risks for Apple Mac users
February 23, 2006
Apple Mac users are warned that there is new software code that can exploit a security hole in Apple's Safari Internet browser. The new virus was added to a popular hacking tool yesterday, increasing the risks of virus attacks for Apple Mac owners.
Hackers refer to so-called shell code that can take advantage of a security hole in Safari's safe file feature. That feature was added to the Metasploit framework yesterday and a copy of the script was posted on FrSIRT.com, a software vulnerability and exploit Web site.
Apple did not immediately respond to a request for comment. On Feb. 21, the company said that it takes security very seriously and was working on a fix for the Safari vulnerability.
The hole was first reported on Feb. 20 after security researcher Michael Lehn, a graduate student at the University of Ulm, in southern Germany, documented a problem with Safari's handling of shell commands.
The security hole could be exploited by files that were downloaded directly from a Web page and without any user interaction.
Lehn discovered the hole in a feature called Open Safe Files, which allows files such as ZIP archives and movie files to be opened and viewed automatically.
Safari will run specially modified shell script files that are stored in ZIP archives without prompting the user first. That would enable attackers to enclose a series of malicious commands in a shell script that would then be run automatically by Safari when the ZIP archive was downloaded from a Web site or opened as an e-mail attachment.
The code posted on Feb. 22 creates a new Metasploit module for the Safari exploit. It is a slight modification of "proof of concept" code written by Lehn, with minor modifications to make the exploit harder for IDS (intrusion detection system) software to detect, said Johannes Ullrich of the SANS Internet Storm Center.
Malicious hackers could set up a Web page, and then use Metasploit to trigger the Safari hole on the systems of Mac users who visited the site, he said.
Anti-virus software and vulnerability tracking companies said the Safari hole is very severe or "critical" for users of Apple systems running Mac OS X.
However, the hole does not affect the more than 90 percent of computer users running non-Mac systems.
Symantec advised Safari users to turn off the "Open 'safe' files after downloading" feature on the Web browser and review an Apple document on safely handling files downloaded from the Internet.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing