08-07-2006, 11:38 AM
#1 (permalink)
Senior Member
Join Date: Aug 2006
Referrals: 0
Posts: 225
Points: 8,597.72
Bank: 0.00
Total Points: 8,597.72
New Serious flaw found on OSX
http://isc.incidents.org/diary.php?storyid=1138
Thoughts? I understand the first part, but can someone explain the second part please of how this still makes a machine vulnerable without needing Safari?
I ask this because surely the user would have to decompress the file to begin with, and if the file is from a suspicious/malicious site, then a user would not choose to unzip it?
Also, does OSX not give you a warning when you are unzipping a file if there are commands in it?
08-07-2006, 11:38 AM
#2 (permalink)
Senior Member
Join Date: Aug 2006
Referrals: 0
Posts: 117
Points: 4,512.25
Bank: 0.00
Total Points: 4,512.25
That's terrible. I bet Apple will fix it sooner rather than later.
08-07-2006, 11:38 AM
#3 (permalink)
Senior Member
Join Date: Aug 2006
Referrals: 0
Posts: 209
Points: 8,354.66
Bank: 0.00
Total Points: 8,354.66
I tried it with Shiira, it landed on my desktop. In Safari I unchecked this box a long time ago; it stops the automatic opening of a file.
08-07-2006, 11:39 AM
#4 (permalink)
Yes, I agree. I always have mine unticked too. However, they are saying, even if it is unchecked in Safari that it still presents a serious risk in the updated part, as it does not require Safari to run.
Just wanted to know in layman's terms what they are trying to say in the second part of the report as I can see the vulnerability, but the method behind it (having to uncompress a suspect file) is unlikely to happen too much - unless users are in the habit of uncompressing suspect files perhaps?
08-07-2006, 11:39 AM
#5 (permalink)
I really don't understand, but I just clicked on a link that is supposed to be a demo of the exploit. It didn't open, are you saying it doesn't have to open??
08-07-2006, 11:39 AM
#6 (permalink)
This is just a reflection of Safari auto-handling certain file types automatically, near as I can tell.
This was corrected for default behavior with the whole widget fiasco. If someone has Safari (or other app) set to auto-handle the file, there is a risk. Further, as near as I can tell, you can have a script autorun on unzipping of the file; this might not be the wisest of things to allow a zip file to do without warning. If that is the case then it is "as designed" but is a potential problem.
08-07-2006, 11:39 AM
#7 (permalink)
This has nothing to do with Safari. Malicious files can be disguised to appear like any file that the mean ol' destructor of the Mac omniverse desires. One simple way to guard from this is to stick to column view. The nice little preview window will tell you what app is associated with the file, regardless of name and extension.
08-07-2006, 11:40 AM
#8 (permalink)
I agree that I know how my computer works, and that users SHOULD. Unfortunately for me, most of the users that I support do not. If it looks like a jpeg, they are going to open it. If they downloaded an "mp3" from a peer to peer network, they aren't going to pay attention to the fact that it is only 2KB. They are going to execute that file and execute the nice little script that deletes their home directory.
I can show them how to protect themselves, the fact is they won't.
I can lead the horse to water, **** I can toss it in. But unless I ram a feeding tube down its throat or stick it with an IV, 90% of the time it's not going to take a drink.
08-07-2006, 11:40 AM
#9 (permalink)
Hmm... I agree with JunMacTech, but the problem here is: how do you "fix it"? First, Apple has to keep the support for custom icons on all files—there would be many complaints if they didn't, so now what do you do? I, honestly, have no idea. :-\
08-07-2006, 11:40 AM
#10 (permalink)
I believe this to be correct in some ways, although they are saying that it can be applied in any file format, they are saying it is launched through Safari. If you access this file in any other way (i.e. through mail or an IM transfer) then you will have to execute it yourself, which is not much of a threat because you should know how your computer works and how it should handle certain file types. You are correct that a good way to protect yourself is to use column view, but another good way to protect yourself would be to enable file extensions in Finder so you can see what it is you are dealing with. It is very easy for somebody (like it already occurred) to change the icon of an application to appear to be a jpeg.