[Fed-Talk] "More security problems bite Apple"-RNZ
[Fed-Talk] "More security problems bite Apple"-RNZ
- Subject: [Fed-Talk] "More security problems bite Apple"-RNZ
- From: email@hidden
- Date: Fri, 24 Feb 2006 12:57:28 -0600
The last sentence of the article states that the loophole by changing some
preferences....sure would be nice if they stated which ones. I agree in a Gov
environment it was hard enough to get Macs in lets be proactive with Fix-its
and info on Security issues. When I heard of the security problem I went
straight to Apple.com to find out some info and I couldn't find a thing, I
figured it would be front page information....damage control.
"More security problems bite Apple (http://tvnz.co.nz/view/page/488120/664776)
Virus attacking Apple Mac PCs found
Feb 23, 2006
Experts have uncovered a serious security bug in the way Apple software handles
downloaded files.
The flaw could give malicious attackers a back door into Mac computers if users
visit carefully crafted websites and download booby-trapped files.
Although no attackers were known to be exploiting the bug, experts said it was
easy to write code to take advantage of the flaw.
Separately, three concept viruses for Apple computers have been discovered.
The discovery of the bug opens up Apple users to so-called "drive-by downloads"
that plague users of the Window operating system and are used by makers of
adware and spyware to install their software on victims' PCs.
Discovered by University of Ulm student Michael Lehn, the loophole arises
because of the way that Apple's OSX operating handles downloaded files.
Although OSX displays an icon for files based on the suffix it finds on the
programme being downloaded i.e. jpg, it uses different criteria to decide what
to do with these files. This makes it possible to have files look benign by
labelling them as images but, behind the scenes the operating system will know
it is dealing with a proper programme and run it as such.
Initially, the flaw was thought only to affect compressed or zipped files but
the Internet Storm Center said it can be used for any file that arrives on a
target machine.
So far, no net-based exploits of the bug are known to be in existence but Apple
is known to be working on a fix for the flaw.
The operating system can also be made secure against the loophole by changing
some preferences.
Source: RNZ"
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden